cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
part: o version: 24 update: *
| Field | Value |
|---|---|
| Vendor | Fedoraproject (edb280c5-6017-5a8b-8553-28ce724531a7) |
| Product | Fedora (6acafa01-9f50-590d-a3a6-56bd1ebba30e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2017-8386 | vulnerable | 2026-06-03 14:37:39.939990 | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. Published: 2017-06-01T16:00:00.000Z; Updated: 2024-08-05T16:34:22.740Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-5849 | vulnerable | 2026-06-03 14:37:26.462613 | tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. Published: 2017-03-15T19:00:00.000Z; Updated: 2024-08-05T15:11:48.913Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-11610 | vulnerable | 2026-06-03 14:36:29.005626 | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. Published: 2017-08-23T14:00:00.000Z; Updated: 2024-08-05T18:12:40.456Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9961 | vulnerable | 2026-06-03 14:36:17.997721 | game-music-emu before 0.6.1 mishandles unspecified integer values. Published: 2017-06-06T18:00:00.000Z; Updated: 2024-08-06T03:07:31.619Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9960 | vulnerable | 2026-06-03 14:36:17.988594 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). Published: 2017-06-06T18:00:00.000Z; Updated: 2024-08-06T03:07:31.835Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9956 | vulnerable | 2026-06-03 14:36:17.979763 | The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. Published: 2017-02-22T16:00:00.000Z; Updated: 2024-08-06T03:07:31.793Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9243 | vulnerable | 2026-06-03 14:36:16.001447 | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Published: 2017-03-27T17:00:00.000Z; Updated: 2024-08-06T02:42:11.253Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9108 | vulnerable | 2026-06-03 14:36:15.581276 | Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Published: 2017-02-03T15:00:00.000Z; Updated: 2024-08-06T02:42:10.510Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9085 | vulnerable | 2026-06-03 14:36:15.510324 | Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Published: 2017-02-03T15:00:00.000Z; Updated: 2024-08-06T02:42:10.554Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9014 | vulnerable | 2026-06-03 14:36:15.407338 | Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. Published: 2016-12-09T20:00:00.000Z; Updated: 2024-08-06T02:35:02.332Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9013 | vulnerable | 2026-06-03 14:36:15.405869 | Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. Published: 2016-12-09T20:00:00.000Z; Updated: 2024-08-06T02:35:02.828Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8887 | vulnerable | 2026-06-03 14:36:15.002010 | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). Published: 2017-03-23T18:00:00.000Z; Updated: 2024-08-06T02:35:02.281Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8884 | vulnerable | 2026-06-03 14:36:15.000550 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. Published: 2017-03-28T14:00:00.000Z; Updated: 2024-08-06T02:35:02.104Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8606 | vulnerable | 2026-06-03 14:36:09.586211 | The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. Published: 2017-01-12T22:00:00.000Z; Updated: 2024-08-06T02:27:41.247Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8605 | vulnerable | 2026-06-03 14:36:09.583481 | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. Published: 2017-01-12T22:00:00.000Z; Updated: 2024-08-06T02:27:41.259Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8569 | vulnerable | 2026-06-03 14:36:09.561625 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Published: 2017-02-03T15:00:00.000Z; Updated: 2024-08-06T02:27:40.795Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-8568 | vulnerable | 2026-06-03 14:36:09.558985 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Published: 2017-02-03T15:00:00.000Z; Updated: 2024-08-06T02:27:40.406Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7972 | vulnerable | 2026-06-03 14:36:08.745819 | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Published: 2017-03-03T16:00:00.000Z; Updated: 2024-08-06T02:13:21.330Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7970 | vulnerable | 2026-06-03 14:36:08.745183 | Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Published: 2017-03-03T16:00:00.000Z; Updated: 2024-08-06T02:13:21.808Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7969 | vulnerable | 2026-06-03 14:36:08.742016 | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Published: 2017-03-03T16:00:00.000Z; Updated: 2024-08-06T02:13:21.828Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7953 | vulnerable | 2026-06-03 14:36:08.627325 | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.136Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7952 | vulnerable | 2026-06-03 14:36:08.625602 | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.532Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7951 | vulnerable | 2026-06-03 14:36:08.623531 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.552Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7950 | vulnerable | 2026-06-03 14:36:08.623079 | The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.558Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7949 | vulnerable | 2026-06-03 14:36:08.622528 | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.128Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7948 | vulnerable | 2026-06-03 14:36:08.620898 | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.319Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7947 | vulnerable | 2026-06-03 14:36:08.619014 | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.789Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7946 | vulnerable | 2026-06-03 14:36:08.618548 | X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.322Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7945 | vulnerable | 2026-06-03 14:36:08.616656 | Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.529Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7944 | vulnerable | 2026-06-03 14:36:08.616103 | Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T02:13:21.517Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7543 | vulnerable | 2026-06-03 14:36:08.033170 | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. Published: 2017-01-19T20:00:00.000Z; Updated: 2024-08-06T02:04:54.955Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7167 | vulnerable | 2026-06-03 14:36:07.121505 | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Published: 2016-10-07T14:00:00.000Z; Updated: 2024-08-06T01:50:47.483Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7163 | vulnerable | 2026-06-03 14:36:07.088548 | Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Published: 2016-09-21T14:00:00.000Z; Updated: 2024-08-06T01:50:47.472Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6866 | vulnerable | 2026-06-03 14:36:06.365183 | slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. Published: 2017-02-15T19:00:00.000Z; Updated: 2024-08-06T01:43:38.418Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6855 | vulnerable | 2026-06-03 14:36:06.347348 | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Published: 2016-09-07T18:00:00.000Z; Updated: 2024-08-06T01:43:38.473Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6515 | vulnerable | 2026-06-03 14:36:00.517537 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. Published: 2016-08-07T00:00:00.000Z; Updated: 2024-08-06T01:29:20.223Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6342 | vulnerable | 2026-06-03 14:35:57.698092 | elog 3.1.1 allows remote attackers to post data as any username in the logbook. Published: 2017-06-27T20:00:00.000Z; Updated: 2024-08-06T01:29:19.441Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6323 | vulnerable | 2026-06-03 14:35:57.659037 | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. Published: 2016-10-07T14:00:00.000Z; Updated: 2024-08-06T01:29:18.318Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6299 | vulnerable | 2026-06-03 14:35:57.455858 | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. Published: 2017-04-14T18:00:00.000Z; Updated: 2024-08-06T01:22:20.922Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6254 | vulnerable | 2026-06-03 14:35:57.341203 | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Published: 2016-08-19T21:00:00.000Z; Updated: 2024-08-06T01:22:20.649Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6233 | vulnerable | 2026-06-03 14:35:57.304210 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. Published: 2017-02-16T18:00:00.000Z; Updated: 2024-08-06T01:22:20.678Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6225 | vulnerable | 2026-06-03 14:35:57.299126 | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. Published: 2017-03-23T16:00:00.000Z; Updated: 2024-08-06T01:22:20.639Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6185 | vulnerable | 2026-06-03 14:35:57.175928 | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. Published: 2016-08-02T14:00:00.000Z; Updated: 2024-08-06T01:22:20.675Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-6153 | vulnerable | 2026-06-03 14:35:57.113037 | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. Published: 2016-09-26T00:00:00.000Z; Updated: 2024-08-06T01:22:20.620Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5766 | vulnerable | 2026-06-03 14:35:55.853994 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Published: 2016-08-07T10:00:00.000Z; Updated: 2024-08-06T01:15:09.075Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5421 | vulnerable | 2026-06-03 14:35:55.114619 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Published: 2016-08-10T14:00:00.000Z; Updated: 2024-08-06T01:01:00.161Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5407 | vulnerable | 2026-06-03 14:35:55.097204 | The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. Published: 2016-12-13T20:00:00.000Z; Updated: 2024-08-06T01:00:59.993Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5404 | vulnerable | 2026-06-03 14:35:55.093002 | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. Published: 2016-09-07T20:00:00.000Z; Updated: 2024-08-06T01:01:00.162Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5391 | vulnerable | 2026-06-03 14:35:55.053720 | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Published: 2017-06-13T17:00:00.000Z; Updated: 2024-08-06T01:00:59.955Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5387 | vulnerable | 2026-06-03 14:35:55.048084 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. Published: 2016-07-19T01:00:00.000Z; Updated: 2024-08-06T01:00:59.995Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5386 | vulnerable | 2026-06-03 14:35:55.041264 | The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. Published: 2016-07-19T01:00:00.000Z; Updated: 2024-08-06T01:00:59.948Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5385 | vulnerable | 2026-06-03 14:35:55.036450 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Published: 2016-07-19T01:00:00.000Z; Updated: 2024-08-06T01:00:59.934Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5384 | vulnerable | 2026-06-03 14:35:55.030213 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. Published: 2016-08-12T16:00:00.000Z; Updated: 2024-08-06T01:00:59.957Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5244 | vulnerable | 2026-06-03 14:35:54.668635 | The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. Published: 2016-06-27T10:00:00.000Z; Updated: 2024-08-06T00:53:48.916Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5195 | vulnerable | 2026-06-03 14:35:54.603252 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." Published: 2016-11-10T21:00:00.000Z; Updated: 2025-11-04T16:09:08.278Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5178 | vulnerable | 2026-06-03 14:35:54.561938 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: 2017-05-23T03:56:00.000Z; Updated: 2024-08-06T00:53:48.178Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5177 | vulnerable | 2026-06-03 14:35:54.561234 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Published: 2017-05-23T03:56:00.000Z; Updated: 2024-08-06T00:53:48.254Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-5157 | vulnerable | 2026-06-03 14:35:54.540537 | Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. Published: 2016-09-11T10:00:00.000Z; Updated: 2024-08-06T00:53:48.036Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4861 | vulnerable | 2026-06-03 14:35:53.611370 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. Published: 2017-02-16T18:00:00.000Z; Updated: 2024-08-06T00:46:38.449Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4797 | vulnerable | 2026-06-03 14:35:53.259955 | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. Published: 2017-02-03T16:00:00.000Z; Updated: 2024-08-06T00:39:26.335Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4796 | vulnerable | 2026-06-03 14:35:53.259220 | Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Published: 2017-02-03T16:00:00.000Z; Updated: 2024-08-06T00:39:26.310Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4544 | vulnerable | 2026-06-03 14:35:52.837467 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.862Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4543 | vulnerable | 2026-06-03 14:35:52.836757 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.788Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4542 | vulnerable | 2026-06-03 14:35:52.821761 | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.783Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4541 | vulnerable | 2026-06-03 14:35:52.820102 | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.802Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4540 | vulnerable | 2026-06-03 14:35:52.818959 | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.654Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4539 | vulnerable | 2026-06-03 14:35:52.818299 | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.762Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4538 | vulnerable | 2026-06-03 14:35:52.816892 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.613Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4537 | vulnerable | 2026-06-03 14:35:52.815684 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. Published: 2016-05-22T01:00:00.000Z; Updated: 2024-08-06T00:32:25.725Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4482 | vulnerable | 2026-06-03 14:35:52.699258 | The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. Published: 2016-05-23T10:00:00.000Z; Updated: 2024-08-06T00:32:25.667Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4414 | vulnerable | 2026-06-03 14:35:47.920914 | The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. Published: 2016-06-13T19:00:00.000Z; Updated: 2024-08-06T00:25:14.590Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4037 | vulnerable | 2026-06-03 14:35:47.033974 | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. Published: 2016-05-23T19:00:00.000Z; Updated: 2024-08-06T00:17:30.084Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4021 | vulnerable | 2026-06-03 14:35:46.992401 | The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. Published: 2016-05-26T14:00:00.000Z; Updated: 2024-08-06T00:17:29.854Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4008 | vulnerable | 2026-06-03 14:35:46.979073 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. Published: 2016-05-05T18:00:00.000Z; Updated: 2024-08-06T00:17:30.800Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-4002 | vulnerable | 2026-06-03 14:35:46.966017 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Published: 2016-04-26T14:00:00.000Z; Updated: 2024-08-06T00:17:30.035Z | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4001 |
vulnerable | 2026-06-03 14:35:46.965439 |
Details available
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
Published: 2016-05-23T19:00:00.000Z
Updated: 2024-08-06T00:17:29.996Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3960 |
vulnerable | 2026-06-03 14:35:46.890680 |
Details available
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Published: 2016-04-19T14:00:00.000Z
Updated: 2024-08-06T00:10:31.950Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3959 |
vulnerable | 2026-06-03 14:35:46.888519 |
Details available
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
Published: 2016-05-23T19:00:00.000Z
Updated: 2024-08-06T00:10:31.950Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3720 |
vulnerable | 2026-06-03 14:35:46.482111 |
Details available
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Published: 2016-06-10T15:00:00.000Z
Updated: 2024-08-06T00:03:34.502Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3704 |
vulnerable | 2026-06-03 14:35:46.421536 |
Details available
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
Published: 2017-06-13T17:00:00.000Z
Updated: 2024-08-06T00:03:34.496Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3696 |
vulnerable | 2026-06-03 14:35:46.410457 |
Details available
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
Published: 2017-06-13T16:00:00.000Z
Updated: 2024-08-06T00:03:34.421Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3144 |
vulnerable | 2026-06-03 14:35:45.297625 |
Details available
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
Published: 2016-04-15T15:00:00.000Z
Updated: 2024-08-05T23:47:57.377Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3096 |
vulnerable | 2026-06-03 14:35:45.126530 |
Details available
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
Published: 2016-06-03T14:00:00.000Z
Updated: 2024-08-05T23:47:56.875Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3095 |
vulnerable | 2026-06-03 14:35:45.124986 |
Details available
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
Published: 2017-06-08T19:00:00.000Z
Updated: 2024-08-05T23:40:15.608Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3074 |
vulnerable | 2026-06-03 14:35:44.971393 |
Details available
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Published: 2016-04-26T14:00:00.000Z
Updated: 2024-08-05T23:40:15.563Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3071 |
vulnerable | 2026-06-03 14:35:44.967178 |
Details available
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
Published: 2016-04-18T14:00:00.000Z
Updated: 2024-08-05T23:40:15.578Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2850 |
vulnerable | 2026-06-03 14:35:44.226983 |
Details available
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Published: 2016-05-13T14:00:00.000Z
Updated: 2024-08-05T23:32:21.226Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2849 |
vulnerable | 2026-06-03 14:35:44.210734 |
Details available
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
Published: 2016-05-13T14:00:00.000Z
Updated: 2024-08-05T23:32:21.324Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2775 |
vulnerable | 2026-06-03 14:35:43.642372 |
Details available
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Published: 2016-07-19T22:00:00.000Z
Updated: 2024-08-05T23:32:20.813Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2334 |
vulnerable | 2026-06-03 14:35:37.874761 |
Details available
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
Published: 2016-12-13T22:00:00.000Z
Updated: 2024-08-05T23:24:48.604Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2173 |
vulnerable | 2026-06-03 14:35:37.173946 |
Details available
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
Published: 2017-04-21T20:00:00.000Z
Updated: 2024-08-05T23:17:50.583Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2090 |
vulnerable | 2026-06-03 14:35:36.650006 |
Details available
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Published: 2017-01-13T16:00:00.000Z
Updated: 2024-08-05T23:17:50.696Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2039 |
vulnerable | 2026-06-03 14:35:36.436084 |
Details available
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Published: 2016-02-20T01:00:00.000Z
Updated: 2024-08-05T23:17:49.952Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-1286 |
vulnerable | 2026-06-03 14:35:31.648291 |
Details available
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Published: 2016-03-09T23:00:00.000Z
Updated: 2024-08-05T22:48:13.712Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-1285 |
vulnerable | 2026-06-03 14:35:31.550794 |
Details available
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Published: 2016-03-09T23:00:00.000Z
Updated: 2024-08-05T22:48:13.763Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-1254 |
vulnerable | 2026-06-03 14:35:31.240332 |
Details available
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
Published: 2017-12-05T16:00:00.000Z
Updated: 2024-08-05T22:48:13.662Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-1238 |
vulnerable | 2026-06-03 14:35:31.011884 |
Details available
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
Published: 2016-08-02T14:00:00.000Z
Updated: 2024-08-05T22:48:13.656Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-1000037 |
vulnerable | 2026-06-03 14:35:22.899547 |
Details available
Pagure: XSS possible in file attachment endpoint
Published: 2019-11-06T18:27:55.000Z
Updated: 2024-08-06T03:47:34.824Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-0729 |
vulnerable | 2026-06-03 14:35:21.974534 |
Details available
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Published: 2016-04-07T21:00:00.000Z
Updated: 2024-08-05T22:30:03.991Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8980 |
vulnerable | 2026-06-03 14:35:13.788571 |
Details available
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
Published: 2019-11-04T20:27:33.000Z
Updated: 2024-08-06T08:36:31.253Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8869 |
vulnerable | 2026-06-03 14:35:13.601390 |
Details available
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
Published: 2016-06-13T19:00:00.000Z
Updated: 2024-08-06T08:29:22.141Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8106 |
vulnerable | 2026-06-03 14:35:11.178268 |
Details available
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
Published: 2016-04-18T14:00:00.000Z
Updated: 2024-08-06T08:13:31.044Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-7827 |
vulnerable | 2026-06-03 14:35:10.010868 |
Details available
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
Published: 2016-05-13T14:00:00.000Z
Updated: 2024-08-06T07:58:59.942Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-5221 |
vulnerable | 2026-06-03 14:34:58.961026 |
Details available
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Published: 2017-07-25T18:00:00.000Z
Updated: 2024-08-06T06:41:08.383Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-5203 |
vulnerable | 2026-06-03 14:34:58.867746 |
Details available
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Published: 2017-08-02T19:00:00.000Z
Updated: 2024-08-06T06:41:07.991Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4454 |
vulnerable | 2026-06-03 14:34:51.914398 |
Details available
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T06:18:11.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4342 |
vulnerable | 2026-06-03 14:34:51.645100 |
Details available
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T06:11:12.775Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2665 |
vulnerable | 2026-06-03 14:34:47.480029 |
Details available
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2015-06-17T18:00:00.000Z
Updated: 2024-08-06T05:24:38.087Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-7459 |
vulnerable | 2026-06-03 14:33:35.849486 |
Details available
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
Published: 2017-02-15T15:00:00.000Z
Updated: 2024-08-06T18:09:16.939Z Reference links
|
Imported from gcve-enriched-dumps CVE data |