Total
10000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4515 | 2 Debian, Exuberant Ctags Project | 2 Debian Linux, Exuberant Ctags | 2025-04-14 | N/A | 7.8 HIGH |
|
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
|
|||||
| CVE-2015-3231 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
|
|||||
| CVE-2015-2788 | 1 Debian | 2 Dbd-firebird, Debian Linux | 2025-04-12 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.
|
|||||
| CVE-2015-0499 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
|
|||||
| CVE-2014-3534 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
|
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
|
|||||
| CVE-2014-9272 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
|
|||||
| CVE-2016-1651 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Leap and 1 more | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
|
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
|
|||||
| CVE-2014-9671 | 6 Canonical, Debian, Freetype and 3 more | 11 Ubuntu Linux, Debian Linux, Freetype and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
|
|||||
| CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
|
|||||
| CVE-2012-6700 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
|
|||||
| CVE-2015-8779 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
|
|||||
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.5 MEDIUM | N/A |
|
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
|||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
|
|||||
| CVE-2015-8931 | 4 Canonical, Debian, Libarchive and 1 more | 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
|
|||||
| CVE-2015-0838 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2025-04-12 | 7.5 HIGH | N/A |
|
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
|
|||||
| CVE-2016-6835 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
|
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
|
|||||
| CVE-2014-9656 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
|
|||||
| CVE-2016-1981 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
|
|||||
| CVE-2016-5420 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
|
|||||
| CVE-2014-0226 | 4 Apache, Debian, Oracle and 1 more | 7 Http Server, Debian Linux, Enterprise Manager Ops Center and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
|
|||||
| CVE-2015-2331 | 5 Debian, Fedoraproject, Nih and 2 more | 5 Debian Linux, Fedora, Libzip and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
|
|||||
| CVE-2016-9911 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2025-04-12 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
|
|||||
| CVE-2014-2851 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
|
|||||
| CVE-2016-2381 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
|
|||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.
|
|||||
| CVE-2014-2414 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
|
|||||
| CVE-2015-1421 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
|
|||||
| CVE-2016-0766 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
|
|||||
| CVE-2014-5461 | 5 Canonical, Debian, Lua and 2 more | 5 Ubuntu Linux, Debian Linux, Lua and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
|
|||||
| CVE-2014-0457 | 6 Canonical, Debian, Ibm and 3 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
|
|||||
| CVE-2015-1258 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.
|
|||||
| CVE-2014-2423 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
|
|||||
| CVE-2014-2709 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2025-04-12 | 7.5 HIGH | N/A |
|
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
|
|||||
| CVE-2016-0747 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
|
|||||
| CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Leap, Opensuse and 2 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
|
|||||
| CVE-2015-8325 | 3 Canonical, Debian, Openbsd | 5 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 2 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
|
|||||
| CVE-2016-0608 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
|
|||||
| CVE-2015-1274 | 4 Debian, Google, Opensuse and 1 more | 6 Debian Linux, Chrome, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
|
|||||
| CVE-2015-0885 | 2 Checkpw Project, Debian | 2 Checkpw, Debian Linux | 2025-04-12 | 5.0 MEDIUM | N/A |
|
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.
|
|||||
| CVE-2016-0746 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
|
|||||