Total
8865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3145 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-28 | 4.9 MEDIUM | N/A |
| The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. | |||||
| CVE-2015-0382 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2014-9221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | |||||
| CVE-2014-9670 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. | |||||
| CVE-2014-4207 | 4 Debian, Mariadb, Oracle and 1 more | 7 Debian Linux, Mariadb, Mysql and 4 more | 2024-02-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. | |||||
| CVE-2015-1414 | 3 Debian, Freebsd, Netgate | 3 Debian Linux, Freebsd, Pfsense | 2024-02-28 | 7.8 HIGH | N/A |
| Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | |||||
| CVE-2014-5270 | 2 Debian, Gnupg | 2 Debian Linux, Libgcrypt | 2024-02-28 | 2.1 LOW | N/A |
| Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. | |||||
| CVE-2013-0339 | 4 Canonical, Debian, Suse and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Enterprise Server and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
| libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. | |||||
| CVE-2014-0446 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||||
| CVE-2015-2684 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-02-28 | 4.0 MEDIUM | N/A |
| Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | |||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-02-28 | 5.4 MEDIUM | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | |||||
| CVE-2014-3168 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. | |||||
| CVE-2014-4911 | 2 Debian, Polarssl | 2 Debian Linux, Polarssl | 2024-02-28 | 5.0 MEDIUM | N/A |
| The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | |||||
| CVE-2015-0239 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-02-28 | 4.4 MEDIUM | N/A |
| The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | |||||
| CVE-2013-6425 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||||
| CVE-2015-1802 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxfont | 2024-02-28 | 8.5 HIGH | N/A |
| The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. | |||||
| CVE-2014-4975 | 4 Canonical, Debian, Redhat and 1 more | 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | |||||
| CVE-2014-9664 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 6.8 MEDIUM | N/A |
| FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. | |||||
| CVE-2014-8595 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-02-28 | 1.9 LOW | N/A |
| arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | |||||