Total
8865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4049 | 3 Debian, Opensuse, Php | 3 Debian Linux, Opensuse, Php | 2024-02-28 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. | |||||
CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-02-28 | 7.1 HIGH | N/A |
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | |||||
CVE-2014-1557 | 3 Debian, Mozilla, Oracle | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | |||||
CVE-2014-1737 | 5 Debian, Linux, Oracle and 2 more | 8 Debian Linux, Linux Kernel, Linux and 5 more | 2024-02-28 | 7.2 HIGH | N/A |
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. | |||||
CVE-2014-9112 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2024-02-28 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||||
CVE-2015-1572 | 3 Canonical, Debian, E2fsprogs Project | 3 Ubuntu Linux, Debian Linux, E2fsprogs | 2024-02-28 | 4.6 MEDIUM | N/A |
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. | |||||
CVE-2015-1592 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2024-02-28 | 7.5 HIGH | N/A |
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2014-0457 | 6 Canonical, Debian, Ibm and 3 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||||
CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
CVE-2015-2573 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||||
CVE-2015-2191 | 4 Debian, Mageia, Opensuse and 1 more | 4 Debian Linux, Mageia, Opensuse and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | |||||
CVE-2015-1245 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. | |||||
CVE-2014-9035 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-3167 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2014-0118 | 3 Apache, Debian, Redhat | 4 Http Server, Debian Linux, Enterprise Linux and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. | |||||
CVE-2014-7204 | 3 Canonical, Debian, Mageia | 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | |||||
CVE-2015-2776 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2024-02-28 | 4.3 MEDIUM | N/A |
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | |||||
CVE-2014-9658 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 7.5 HIGH | N/A |
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | |||||
CVE-2015-3026 | 3 Debian, Opensuse, Xiph | 3 Debian Linux, Opensuse, Icecast | 2024-02-28 | 5.0 MEDIUM | N/A |
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." | |||||
CVE-2015-1236 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. |