Total
460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0313 | 6 Adobe, Apple, Linux and 3 more | 16 Flash Player, Mac Os X, Linux Kernel and 13 more | 2024-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | |||||
| CVE-2014-3153 | 6 Canonical, Linux, Opensuse and 3 more | 9 Ubuntu Linux, Linux Kernel, Opensuse and 6 more | 2024-07-02 | 7.2 HIGH | 7.8 HIGH |
| The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. | |||||
| CVE-2015-8651 | 9 Adobe, Apple, Google and 6 more | 22 Air, Air Sdk, Air Sdk \& Compiler and 19 more | 2024-07-01 | 9.3 HIGH | 8.8 HIGH |
| Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-4495 | 6 Canonical, Mozilla, Opensuse and 3 more | 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more | 2024-06-28 | 4.3 MEDIUM | 8.8 HIGH |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more | 2024-06-28 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | |||||
| CVE-2016-3427 | 8 Apache, Canonical, Debian and 5 more | 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more | 2024-06-27 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | |||||
| CVE-2010-3904 | 6 Canonical, Linux, Opensuse and 3 more | 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more | 2024-06-27 | 7.2 HIGH | 7.8 HIGH |
| The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | |||||
| CVE-2012-0507 | 4 Debian, Oracle, Sun and 1 more | 7 Debian Linux, Jre, Jre and 4 more | 2024-04-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | |||||
| CVE-2013-2465 | 3 Oracle, Sun, Suse | 6 Jre, Jre, Linux Enterprise Desktop and 3 more | 2024-04-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | |||||
| CVE-2012-5076 | 2 Oracle, Suse | 2 Jre, Linux Enterprise Desktop | 2024-04-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. | |||||
| CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 29 Eos, Ubuntu Linux, Debian Linux and 26 more | 2024-04-24 | 10.0 HIGH | 9.8 CRITICAL |
| The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | |||||
| CVE-2022-27239 | 5 Debian, Fedoraproject, Hp and 2 more | 19 Debian Linux, Fedora, Helion Openstack and 16 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | |||||
| CVE-2018-10195 | 3 Debian, Lrzsz Project, Suse | 5 Debian Linux, Lrzsz, Linux Enterprise Debuginfo and 2 more | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | |||||
| CVE-2020-8018 | 1 Suse | 1 Linux Enterprise Desktop | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; | |||||
| CVE-2020-8016 | 2 Opensuse, Suse | 4 Leap, Texlive-filesystem, Linux Enterprise Desktop and 1 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. | |||||
| CVE-2020-8017 | 2 Opensuse, Suse | 4 Leap, Texlive-filesystem, Linux Enterprise Desktop and 1 more | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
| A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. | |||||
| CVE-2015-5239 | 5 Arista, Canonical, Fedoraproject and 2 more | 8 Eos, Ubuntu Linux, Fedora and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | |||||
| CVE-2014-1947 | 2 Imagemagick, Suse | 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | |||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-02-28 | 3.2 LOW | 6.8 MEDIUM |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||||
| CVE-2019-11038 | 8 Canonical, Debian, Fedoraproject and 5 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | |||||