Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-3119 | 2 Mit, Opensuse | 3 Kerberos 5, Leap, Opensuse | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | |||||
CVE-2016-3100 | 2 Kde, Opensuse | 3 Kde Frameworks, Leap, Opensuse | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. | |||||
CVE-2016-3075 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Glibc and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |||||
CVE-2016-3074 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. | |||||
CVE-2016-3069 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | |||||
CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |||||
CVE-2016-2851 | 3 Cypherpunks, Debian, Opensuse | 4 Libotr, Debian Linux, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. | |||||
CVE-2016-2834 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Network Security Services and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-2833 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | |||||
CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||||
CVE-2016-2831 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | |||||
CVE-2016-2829 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | |||||
CVE-2016-2828 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. | |||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
CVE-2016-2824 | 3 Microsoft, Mozilla, Opensuse | 4 Windows, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. | |||||
CVE-2016-2822 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | |||||
CVE-2016-2821 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. | |||||
CVE-2016-2819 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. | |||||
CVE-2016-2818 | 6 Canonical, Debian, Mozilla and 3 more | 21 Ubuntu Linux, Debian Linux, Firefox and 18 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |