Total
4171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | |||||
| CVE-2014-9087 | 4 Canonical, Debian, Gnupg and 1 more | 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | |||||
| CVE-2016-1578 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||
| CVE-2014-8502 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. | |||||
| CVE-2015-0400 | 4 Canonical, Novell, Opensuse and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | |||||
| CVE-2014-3560 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2025-04-12 | 7.9 HIGH | N/A |
| NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | |||||
| CVE-2014-9666 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. | |||||
| CVE-2011-1783 | 5 Apache, Apple, Canonical and 2 more | 5 Subversion, Mac Os X, Ubuntu Linux and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | |||||
| CVE-2012-0944 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2025-04-11 | 4.3 MEDIUM | N/A |
| Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. | |||||
| CVE-2010-3116 | 4 Apple, Canonical, Google and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | |||||
| CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2025-04-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | |||||
| CVE-2014-1479 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2025-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. | |||||
| CVE-2014-1489 | 6 Canonical, Mozilla, Opensuse and 3 more | 8 Ubuntu Linux, Firefox, Opensuse and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. | |||||
| CVE-2012-3956 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-1654 | 3 Canonical, Puppet, Puppetlabs | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. | |||||
| CVE-2012-2317 | 2 Canonical, Debian | 4 Php5, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. | |||||
| CVE-2011-2192 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | |||||
| CVE-2013-0211 | 5 Canonical, Fedoraproject, Freebsd and 2 more | 5 Ubuntu Linux, Fedora, Freebsd and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | |||||