Total
1849 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 9 Ubuntu Linux, Debian Linux, Cups-filters and 6 more | 2025-04-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | |||||
| CVE-2014-9669 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. | |||||
| CVE-2016-4137 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-1704 | 5 Canonical, Google, Novell and 2 more | 8 Ubuntu Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-0642 | 7 Canonical, Debian, Mariadb and 4 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. | |||||
| CVE-2016-7861 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2014-1510 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | |||||
| CVE-2014-9674 | 6 Canonical, Fedoraproject, Freetype and 3 more | 11 Ubuntu Linux, Fedora, Freetype and 8 more | 2025-04-12 | 7.5 HIGH | N/A |
| The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. | |||||
| CVE-2014-0247 | 5 Canonical, Fedoraproject, Libreoffice and 2 more | 7 Ubuntu Linux, Fedora, Libreoffice and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
| LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | |||||
| CVE-2016-1673 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2014-3575 | 3 Apache, Libreoffice, Redhat | 5 Openoffice, Libreoffice, Enterprise Linux Desktop and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | |||||
| CVE-2016-4809 | 3 Libarchive, Oracle, Redhat | 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | |||||
| CVE-2014-3693 | 4 Canonical, Libreoffice, Opensuse and 1 more | 6 Ubuntu Linux, Libreoffice, Opensuse and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. | |||||
| CVE-2015-3411 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | |||||
| CVE-2016-2150 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2025-04-12 | 3.6 LOW | 7.1 HIGH |
| SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | |||||
| CVE-2014-7840 | 2 Qemu, Redhat | 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 7.5 HIGH | N/A |
| The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | |||||
| CVE-2016-0636 | 2 Oracle, Redhat | 7 Jdk, Jre, Enterprise Linux Desktop and 4 more | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | |||||
| CVE-2014-1514 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||
| CVE-2014-4343 | 3 Debian, Mit, Redhat | 6 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 3 more | 2025-04-12 | 7.6 HIGH | N/A |
| Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. | |||||