Total
8865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0252 | 3 Apache, Debian, Fedoraproject | 3 Xerces-c\+\+, Debian Linux, Fedora | 2024-02-28 | 5.0 MEDIUM | N/A |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | |||||
CVE-2014-9585 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2024-02-28 | 2.1 LOW | N/A |
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | |||||
CVE-2015-2188 | 5 Debian, Mageia, Opensuse and 2 more | 6 Debian Linux, Mageia, Opensuse and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | |||||
CVE-2015-1249 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-0838 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | |||||
CVE-2014-9089 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. | |||||
CVE-2015-3415 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Watchos, Ubuntu Linux and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | |||||
CVE-2014-0459 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. | |||||
CVE-2015-0505 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||||
CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2024-02-28 | 4.0 MEDIUM | N/A |
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | |||||
CVE-2014-3162 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2013-4590 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Solaris | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2014-2414 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. | |||||
CVE-2015-0408 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | |||||
CVE-2014-1505 | 7 Canonical, Debian, Mozilla and 4 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. | |||||
CVE-2015-2775 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2024-02-28 | 7.6 HIGH | N/A |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |||||
CVE-2014-1481 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. | |||||
CVE-2014-3479 | 5 Debian, File Project, Opensuse and 2 more | 5 Debian Linux, File, Opensuse and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. | |||||
CVE-2014-9036 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | |||||
CVE-2014-3533 | 4 Debian, Freedesktop, Mageia Project and 1 more | 4 Debian Linux, Dbus, Mageia and 1 more | 2024-02-28 | 2.1 LOW | N/A |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. |