Fedora Project Fedora 23

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

Published: 2017-02-22T16:00:00.000Z
Updated: 2024-08-06T02:50:37.688Z

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

Published: 2017-03-27T17:00:00.000Z
Updated: 2024-08-06T02:42:11.253Z

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:42:10.510Z

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

Published: 2017-03-23T18:00:00.000Z
Updated: 2024-08-06T02:35:02.281Z

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

Published: 2017-03-28T14:00:00.000Z
Updated: 2024-08-06T02:35:02.104Z

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.245Z

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.196Z

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Published: 2017-01-12T22:00:00.000Z
Updated: 2024-08-06T02:27:41.247Z

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

Published: 2017-01-12T22:00:00.000Z
Updated: 2024-08-06T02:27:41.259Z

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.795Z

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.406Z

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.330Z

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.808Z

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.828Z

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Published: 2017-01-19T20:00:00.000Z
Updated: 2024-08-06T02:04:54.955Z

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Published: 2016-10-07T14:00:00.000Z
Updated: 2024-08-06T01:50:47.483Z

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Published: 2016-09-21T14:00:00.000Z
Updated: 2024-08-06T01:50:47.472Z

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Published: 2016-09-07T18:00:00.000Z
Updated: 2024-08-06T01:43:38.473Z

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Published: 2016-10-07T14:00:00.000Z
Updated: 2024-08-06T01:29:18.318Z

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

Published: 2017-04-14T18:00:00.000Z
Updated: 2024-08-06T01:22:20.922Z

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Published: 2016-08-19T21:00:00.000Z
Updated: 2024-08-06T01:22:20.649Z

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-06T01:22:20.678Z

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Published: 2016-08-02T14:00:00.000Z
Updated: 2024-08-06T01:22:20.675Z

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

Published: 2016-08-07T10:00:00.000Z
Updated: 2024-08-06T01:15:09.075Z

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

Published: 2016-08-10T14:00:00.000Z
Updated: 2024-08-06T01:01:00.161Z

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Published: 2016-09-07T20:00:00.000Z
Updated: 2024-08-06T01:01:00.162Z

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

Published: 2017-06-13T17:00:00.000Z
Updated: 2024-08-06T01:00:59.955Z

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Published: 2016-07-19T01:00:00.000Z
Updated: 2024-08-06T01:00:59.995Z

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: 2016-07-19T01:00:00.000Z
Updated: 2024-08-06T01:00:59.948Z

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

Published: 2016-07-19T01:00:00.000Z
Updated: 2024-08-06T01:00:59.934Z

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Published: 2016-08-12T16:00:00.000Z
Updated: 2024-08-06T01:00:59.957Z

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

Published: 2016-06-27T10:00:00.000Z
Updated: 2024-08-06T00:53:48.916Z

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Published: 2016-11-10T21:00:00.000Z
Updated: 2025-11-04T16:09:08.278Z

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

Published: 2016-09-11T10:00:00.000Z
Updated: 2024-08-06T00:53:48.036Z

A password generation weakness exists in xquest through 2016-06-13.

Published: 2019-11-27T15:55:20.000Z
Updated: 2024-08-06T00:46:39.929Z

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-06T00:46:38.449Z

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

Published: 2017-02-03T16:00:00.000Z
Updated: 2024-08-06T00:39:26.335Z

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

Published: 2017-02-03T16:00:00.000Z
Updated: 2024-08-06T00:39:26.310Z

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Published: 2016-06-13T19:00:00.000Z
Updated: 2024-08-06T00:25:14.590Z

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

Published: 2016-05-23T19:00:00.000Z
Updated: 2024-08-06T00:17:30.084Z

The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:17:29.854Z

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Published: 2016-05-05T18:00:00.000Z
Updated: 2024-08-06T00:17:30.800Z

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

Published: 2016-04-26T14:00:00.000Z
Updated: 2024-08-06T00:17:30.035Z

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

Published: 2016-05-23T19:00:00.000Z
Updated: 2024-08-06T00:17:29.996Z

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Published: 2016-04-19T14:00:00.000Z
Updated: 2024-08-06T00:10:31.950Z

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

Published: 2016-05-23T19:00:00.000Z
Updated: 2024-08-06T00:10:31.950Z

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Published: 2016-05-17T14:00:00.000Z
Updated: 2024-08-06T00:03:34.422Z

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-06T00:03:34.408Z

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-05T23:47:57.465Z

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-05T23:47:57.667Z

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Published: 2016-04-05T20:00:00.000Z
Updated: 2024-08-05T23:47:57.196Z

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Published: 2016-06-03T14:00:00.000Z
Updated: 2024-08-05T23:47:56.875Z

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Published: 2016-06-01T20:00:00.000Z
Updated: 2024-08-05T23:40:15.642Z

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Published: 2016-04-26T14:00:00.000Z
Updated: 2024-08-05T23:40:15.563Z

Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.

Published: 2016-04-18T14:00:00.000Z
Updated: 2024-08-05T23:40:15.578Z

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-05T23:40:15.576Z

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-05T23:40:15.599Z

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Published: 2016-07-19T22:00:00.000Z
Updated: 2024-08-05T23:32:20.813Z

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

Published: 2016-12-13T22:00:00.000Z
Updated: 2024-08-05T23:24:48.604Z

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

Published: 2016-02-22T15:05:00.000Z
Updated: 2024-08-05T23:24:48.520Z

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

Published: 2016-12-23T22:00:00.000Z
Updated: 2024-08-05T23:24:48.951Z

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

Published: 2016-02-19T16:00:00.000Z
Updated: 2024-08-05T23:24:48.617Z

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-05T23:24:48.639Z

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

Published: 2016-04-07T21:00:00.000Z
Updated: 2024-08-05T23:24:48.440Z

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Published: 2017-04-21T20:00:00.000Z
Updated: 2024-08-05T23:17:50.583Z

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

Published: 2016-04-12T14:00:00.000Z
Updated: 2024-08-05T23:17:50.750Z

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.

Published: 2016-04-15T14:00:00.000Z
Updated: 2024-08-05T23:17:50.703Z

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.

Published: 2016-04-15T14:00:00.000Z
Updated: 2024-08-05T23:17:50.820Z

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Published: 2016-04-07T21:00:00.000Z
Updated: 2024-08-05T23:17:50.495Z

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.970Z

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.870Z

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.774Z

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:50.143Z

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.979Z

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:50.118Z

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.952Z

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:50.114Z

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

Published: 2016-01-26T19:00:00.000Z
Updated: 2024-08-05T23:10:40.237Z

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

Published: 2016-01-22T15:00:00.000Z
Updated: 2024-08-05T23:02:11.774Z

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

Published: 2020-02-06T14:20:29.000Z
Updated: 2024-08-05T23:02:11.949Z

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-05T23:02:11.867Z

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-05T23:02:11.560Z

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-05T23:02:11.533Z

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-05T23:02:11.563Z

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Published: 2016-01-13T15:00:00.000Z
Updated: 2024-08-05T22:55:14.815Z

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Published: 2016-03-09T23:00:00.000Z
Updated: 2024-08-05T22:48:13.712Z

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Published: 2016-03-09T23:00:00.000Z
Updated: 2024-08-05T22:48:13.763Z

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Published: 2016-01-03T00:00:00.000Z
Updated: 2024-08-05T22:48:13.788Z

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Published: 2016-08-02T14:00:00.000Z
Updated: 2024-08-05T22:48:13.656Z

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Published: 2016-06-01T20:00:00.000Z
Updated: 2024-08-05T22:48:13.662Z

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.

Published: 2016-01-12T20:00:00.000Z
Updated: 2024-08-05T22:48:13.666Z

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

Published: 2016-01-12T20:00:00.000Z
Updated: 2024-08-05T22:48:13.660Z

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Published: 2019-11-27T16:54:34.000Z
Updated: 2024-08-06T03:55:26.422Z

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Published: 2016-04-13T17:00:00.000Z
Updated: 2024-08-05T22:30:04.675Z

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

Published: 2016-02-16T02:00:00.000Z
Updated: 2024-08-05T22:30:04.636Z

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Published: 2016-04-13T17:00:00.000Z
Updated: 2024-08-05T22:30:04.158Z

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

Published: 2016-04-07T21:00:00.000Z
Updated: 2024-08-05T22:30:03.991Z

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

Published: 2016-02-22T02:00:00.000Z
Updated: 2024-08-05T22:30:04.971Z

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

Published: 2016-02-22T02:00:00.000Z
Updated: 2024-08-05T22:30:03.514Z

Session fixation vulnerability in pcsd in pcs before 0.9.157.

Published: 2017-04-21T15:00:00.000Z
Updated: 2024-08-05T22:30:04.084Z

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Published: 2017-04-21T15:00:00.000Z
Updated: 2024-08-05T22:30:03.990Z

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

Published: 2016-05-06T17:00:00.000Z
Updated: 2024-08-06T08:29:22.157Z

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

Published: 2016-04-13T16:00:00.000Z
Updated: 2024-08-06T08:29:22.027Z

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

Published: 2016-04-19T21:00:00.000Z
Updated: 2024-08-06T08:29:22.111Z

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Published: 2016-04-19T21:00:00.000Z
Updated: 2024-08-06T08:29:21.859Z

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

Published: 2016-04-19T21:00:00.000Z
Updated: 2024-08-06T08:29:21.646Z

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

Published: 2017-04-13T17:00:00.000Z
Updated: 2024-08-06T08:20:43.293Z

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Published: 2016-04-14T14:00:00.000Z
Updated: 2024-08-06T08:20:42.512Z

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

Published: 2016-01-13T15:00:00.000Z
Updated: 2024-08-06T08:20:41.735Z

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

Published: 2016-01-12T19:00:00.000Z
Updated: 2024-08-06T08:13:32.892Z

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Published: 2015-12-16T00:00:00.000Z
Updated: 2024-10-21T16:51:57.721Z

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Published: 2015-11-13T02:00:00.000Z
Updated: 2024-08-06T08:13:31.073Z

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

Published: 2016-04-18T14:00:00.000Z
Updated: 2024-08-06T08:13:31.044Z

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Published: 2017-12-29T22:00:00.000Z
Updated: 2024-08-06T08:06:31.575Z

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Published: 2017-01-30T21:00:00.000Z
Updated: 2024-08-06T08:06:31.485Z

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

Published: 2020-02-19T20:27:49.000Z
Updated: 2024-08-06T07:58:59.974Z

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

Published: 2017-10-16T18:00:00.000Z
Updated: 2024-08-06T07:58:59.610Z

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.

Published: 2016-02-08T02:00:00.000Z
Updated: 2024-08-06T07:51:28.131Z

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

Published: 2015-11-24T20:00:00.000Z
Updated: 2024-08-06T07:51:28.109Z

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.763Z

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.807Z

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.664Z

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.959Z

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.770Z

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.344Z

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.655Z

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.535Z

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.394Z

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:46.148Z

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:46.136Z

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.448Z

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.905Z

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.692Z

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.687Z

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.652Z

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.696Z

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.703Z

Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:45.636Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:46.110Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2015-12-16T11:00:00.000Z
Updated: 2024-08-06T07:43:44.975Z

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.

Published: 2015-09-21T19:00:00.000Z
Updated: 2024-08-06T07:36:34.863Z

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Published: 2015-11-06T21:00:00.000Z
Updated: 2024-08-06T07:36:34.777Z

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

Published: 2017-08-09T18:00:00.000Z
Updated: 2024-08-06T07:29:25.323Z

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Published: 2020-01-31T21:38:47.000Z
Updated: 2024-08-06T07:29:24.837Z

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

Published: 2015-08-24T14:00:00.000Z
Updated: 2024-08-06T07:29:24.441Z

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

Published: 2015-08-24T14:00:00.000Z
Updated: 2024-08-06T07:22:22.231Z

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Published: 2020-01-23T19:35:16.000Z
Updated: 2024-08-06T06:59:04.271Z

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.

Published: 2016-01-20T16:00:00.000Z
Updated: 2024-08-06T06:41:09.527Z

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.

Published: 2015-11-02T19:00:00.000Z
Updated: 2024-08-06T06:41:09.530Z

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: 2020-01-23T19:40:18.000Z
Updated: 2024-08-06T06:41:09.527Z

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Published: 2015-10-27T16:00:00.000Z
Updated: 2024-08-06T06:41:09.189Z

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

Published: 2017-08-22T18:00:00.000Z
Updated: 2024-08-06T06:41:08.598Z

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Published: 2016-01-08T19:00:00.000Z
Updated: 2024-08-06T06:41:08.759Z

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Published: 2020-01-23T19:52:32.000Z
Updated: 2024-08-06T06:41:08.706Z

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Published: 2015-11-06T21:00:00.000Z
Updated: 2024-08-06T06:41:08.516Z

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-07-25T18:00:00.000Z
Updated: 2024-08-06T06:41:08.383Z

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:08.551Z

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-08-02T19:00:00.000Z
Updated: 2024-08-06T06:41:07.991Z

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:07.979Z

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: 2015-08-12T14:00:00.000Z
Updated: 2024-08-06T06:32:32.900Z

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Published: 2017-08-24T20:00:00.000Z
Updated: 2024-08-06T06:32:32.912Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:32:30.884Z

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:22.032Z

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:21.944Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:22.107Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:21.901Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:21.956Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

Published: 2015-10-21T23:00:00.000Z
Updated: 2024-08-06T06:25:21.724Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.866Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.970Z

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.881Z

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.890Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.939Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.887Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.858Z

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

Published: 2015-10-21T21:00:00.000Z
Updated: 2024-08-06T06:25:21.637Z

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T06:18:11.043Z

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T06:11:12.775Z

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T05:24:38.087Z

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Published: 2017-04-13T14:00:00.000Z
Updated: 2024-08-06T04:54:16.419Z

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Published: 2017-04-13T14:00:00.000Z
Updated: 2024-08-06T04:54:16.420Z

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: 2015-08-14T18:00:00.000Z
Updated: 2024-08-06T04:54:16.300Z

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:33:19.377Z

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Published: 2016-04-19T21:00:00.000Z
Updated: 2024-08-06T13:55:04.586Z