Fedora 20

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Published: 2015-06-03T20:00:00.000Z
Updated: 2024-08-06T06:04:02.899Z

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Published: 2015-05-29T15:00:00.000Z
Updated: 2024-08-06T06:04:02.635Z

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T05:47:57.803Z

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

Published: 2017-09-19T15:00:00.000Z
Updated: 2024-08-06T05:47:57.729Z

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Published: 2015-04-28T14:00:00.000Z
Updated: 2024-08-06T05:47:57.338Z

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Published: 2015-06-15T15:00:00.000Z
Updated: 2024-08-06T05:39:31.977Z

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published: 2015-05-27T10:00:00.000Z
Updated: 2024-08-06T05:32:20.794Z

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

Published: 2015-04-10T14:00:00.000Z
Updated: 2024-08-06T05:24:39.011Z

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

Published: 2019-11-21T19:48:14.000Z
Updated: 2024-08-06T05:24:39.090Z

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T05:24:38.859Z

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.802Z

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.745Z

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.813Z

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Published: 2015-03-09T17:00:00.000Z
Updated: 2024-08-06T05:10:15.545Z

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

Published: 2015-03-27T14:00:00.000Z
Updated: 2024-08-06T05:10:14.276Z

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Published: 2015-03-18T16:00:00.000Z
Updated: 2024-08-06T05:10:14.268Z

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Published: 2015-03-12T14:00:00.000Z
Updated: 2024-08-06T05:10:14.456Z

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Published: 2015-03-12T14:00:00.000Z
Updated: 2024-08-06T05:02:43.086Z

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

Published: 2015-05-18T15:00:00.000Z
Updated: 2024-08-06T04:54:16.393Z

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.328Z

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.334Z

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.434Z

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

Published: 2017-08-11T21:00:00.000Z
Updated: 2024-08-06T04:54:16.109Z

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

Published: 2015-03-13T14:00:00.000Z
Updated: 2024-08-06T04:54:16.099Z

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:47:16.237Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:47:16.196Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:40:18.799Z

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

Published: 2017-08-25T18:00:00.000Z
Updated: 2024-08-06T04:40:18.688Z

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

Published: 2015-01-15T15:00:00.000Z
Updated: 2024-08-06T04:33:20.209Z

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Published: 2015-02-28T02:00:00.000Z
Updated: 2024-08-06T04:26:11.412Z

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

Published: 2015-04-14T18:00:00.000Z
Updated: 2024-08-06T04:26:10.430Z

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Published: 2015-03-16T14:00:00.000Z
Updated: 2024-08-06T04:26:09.821Z

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T04:10:11.059Z

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T04:10:11.026Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Published: 2015-01-21T19:00:00.000Z
Updated: 2024-08-06T04:10:10.442Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

Published: 2015-01-21T19:00:00.000Z
Updated: 2024-08-06T04:10:10.461Z

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:10.293Z

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:10.450Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:10.498Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:09.591Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:09.528Z

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

Published: 2017-10-06T22:00:00.000Z
Updated: 2024-08-06T04:03:10.859Z

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

Published: 2015-03-25T14:00:00.000Z
Updated: 2024-08-06T04:03:10.962Z

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

Published: 2015-03-24T17:00:00.000Z
Updated: 2024-08-06T04:03:10.501Z

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Published: 2015-02-17T15:00:00.000Z
Updated: 2024-08-06T04:03:10.673Z

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

Published: 2015-02-19T15:00:00.000Z
Updated: 2024-08-06T13:55:04.484Z

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.532Z

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.116Z

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.552Z

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.547Z

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.949Z

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.576Z

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.949Z

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.093Z

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.941Z

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.970Z

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.926Z

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.921Z

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.943Z

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:03.974Z

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:03.780Z

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.970Z

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:47:41.814Z

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Published: 2015-01-23T15:00:00.000Z
Updated: 2024-08-06T13:47:41.714Z

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

Published: 2015-01-23T15:00:00.000Z
Updated: 2024-08-06T13:47:41.738Z

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

Published: 2017-08-25T18:00:00.000Z
Updated: 2024-08-06T13:47:41.811Z

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Published: 2015-02-06T15:00:00.000Z
Updated: 2024-08-06T13:47:41.812Z

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Published: 2015-01-09T21:00:00.000Z
Updated: 2024-08-06T13:47:41.340Z

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

Published: 2015-01-06T15:00:00.000Z
Updated: 2024-08-06T13:47:41.391Z

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

Published: 2015-02-19T15:00:00.000Z
Updated: 2024-08-06T13:47:41.359Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T13:40:25.115Z

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Published: 2017-03-31T15:00:00.000Z
Updated: 2025-12-04T20:21:07.498Z

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Published: 2014-11-26T15:00:00.000Z
Updated: 2024-08-06T13:33:13.508Z

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

Published: 2017-10-10T13:00:00.000Z
Updated: 2024-08-06T13:33:13.553Z

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

Published: 2014-12-05T16:00:00.000Z
Updated: 2024-08-06T13:33:12.676Z

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Published: 2014-12-16T18:00:00.000Z
Updated: 2024-08-06T13:33:12.895Z

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

Published: 2015-01-15T15:00:00.000Z
Updated: 2024-08-06T13:26:02.477Z

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:26:02.580Z

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Published: 2015-02-01T15:00:00.000Z
Updated: 2024-08-06T13:26:02.521Z

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.524Z

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.496Z

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.448Z

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.383Z

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

Published: 2014-12-10T01:00:00.000Z
Updated: 2024-08-06T13:18:48.494Z

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.351Z

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.421Z

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Published: 2014-12-29T00:00:00.000Z
Updated: 2024-08-06T13:10:51.048Z

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

Published: 2017-12-29T22:00:00.000Z
Updated: 2024-08-06T13:10:50.759Z

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Published: 2020-02-17T21:39:04.000Z
Updated: 2024-08-06T13:10:50.852Z

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Published: 2014-11-24T15:00:00.000Z
Updated: 2024-08-06T13:03:27.104Z

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

Published: 2018-03-08T20:00:00.000Z
Updated: 2024-08-06T12:47:32.269Z

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

Published: 2018-03-08T20:00:00.000Z
Updated: 2024-08-06T12:47:32.910Z

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.

Published: 2014-10-02T14:00:00.000Z
Updated: 2024-08-06T12:40:19.135Z

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

Published: 2014-10-02T14:00:00.000Z
Updated: 2024-08-06T12:40:19.112Z

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

Published: 2015-01-21T15:00:00.000Z
Updated: 2024-08-06T12:17:24.345Z

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

Published: 2014-10-08T17:00:00.000Z
Updated: 2024-08-06T12:17:23.629Z

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Published: 2014-09-30T16:00:00.000Z
Updated: 2024-08-06T12:03:02.304Z

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Published: 2014-09-30T16:00:00.000Z
Updated: 2024-08-06T12:03:02.339Z

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: 2019-11-18T22:03:43.000Z
Updated: 2024-08-06T11:34:37.210Z

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

Published: 2014-07-29T14:00:00.000Z
Updated: 2024-08-06T11:27:36.988Z

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Published: 2014-07-02T01:00:00.000Z
Updated: 2024-08-06T11:27:35.278Z

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Published: 2014-07-20T10:00:00.000Z
Updated: 2024-08-06T11:12:35.155Z

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Published: 2020-01-24T18:29:32.000Z
Updated: 2024-08-06T11:04:28.882Z

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Published: 2014-06-04T10:00:00.000Z
Updated: 2024-08-06T10:57:18.265Z

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: 2014-10-15T00:00:00.000Z
Updated: 2026-05-28T17:35:01.304Z

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

Published: 2014-07-23T14:00:00.000Z
Updated: 2024-08-06T10:50:16.895Z

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Published: 2014-07-11T14:00:00.000Z
Updated: 2024-08-06T10:43:06.319Z

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Published: 2014-06-05T21:00:00.000Z
Updated: 2024-08-06T10:43:06.356Z

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Published: 2014-05-21T10:00:00.000Z
Updated: 2024-08-06T10:35:56.561Z

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: 2018-02-01T17:00:00.000Z
Updated: 2024-08-06T10:28:46.259Z

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Published: 2014-04-01T01:00:00.000Z
Updated: 2024-08-06T10:21:36.016Z

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

Published: 2020-01-28T14:15:51.000Z
Updated: 2024-08-06T10:21:35.220Z

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Published: 2014-08-20T14:00:00.000Z
Updated: 2024-08-06T10:14:26.704Z

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Published: 2014-04-23T14:00:00.000Z
Updated: 2024-08-06T10:14:25.109Z

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 2014-03-27T16:00:00.000Z
Updated: 2024-08-06T10:06:00.426Z

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Published: 2014-04-18T19:00:00.000Z
Updated: 2024-08-06T10:06:00.091Z

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Published: 2014-04-18T19:00:00.000Z
Updated: 2024-08-06T10:06:00.334Z

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

Published: 2018-01-08T19:00:00.000Z
Updated: 2024-08-06T09:58:15.596Z

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Published: 2014-05-08T14:00:00.000Z
Updated: 2024-08-06T09:50:10.755Z

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Published: 2014-05-08T14:00:00.000Z
Updated: 2024-08-06T09:50:09.977Z

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.650Z

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.509Z

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.529Z

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.282Z

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.209Z

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.223Z

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.171Z

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.208Z

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.194Z

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.281Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.181Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2014-04-30T10:00:00.000Z
Updated: 2024-08-06T09:42:36.283Z

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.

Published: 2014-04-20T01:00:00.000Z
Updated: 2024-08-06T09:42:36.285Z

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:36.031Z

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:36.290Z

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:35.982Z

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:36.212Z

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:35.543Z

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:35.868Z

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:35.791Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2014-02-06T02:00:00.000Z
Updated: 2024-08-06T09:42:35.412Z

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

Published: 2018-04-10T15:00:00.000Z
Updated: 2024-08-06T09:42:34.947Z

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

Published: 2018-04-10T15:00:00.000Z
Updated: 2024-08-06T09:42:36.011Z

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

Published: 2018-04-10T15:00:00.000Z
Updated: 2024-08-06T09:42:35.339Z

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Published: 2014-06-05T21:00:00.000Z
Updated: 2024-08-06T09:05:39.462Z

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Published: 2014-06-05T21:00:00.000Z
Updated: 2024-08-06T09:05:39.372Z

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Published: 2014-05-06T10:00:00.000Z
Updated: 2024-08-06T09:05:39.267Z

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Published: 2014-06-05T21:00:00.000Z
Updated: 2024-08-06T09:05:39.286Z

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

Published: 2014-05-08T14:00:00.000Z
Updated: 2024-08-06T09:05:39.205Z

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published: 2014-04-07T00:00:00.000Z
Updated: 2025-10-22T00:05:38.217Z

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Published: 2020-02-11T03:30:50.000Z
Updated: 2024-08-06T09:05:38.968Z

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

Published: 2014-07-29T14:00:00.000Z
Updated: 2024-08-06T09:05:39.021Z

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Published: 2019-11-15T14:35:31.000Z
Updated: 2024-08-06T08:58:26.538Z

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

Published: 2014-02-04T16:00:00.000Z
Updated: 2024-08-06T08:58:26.559Z

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Published: 2014-01-20T11:00:00.000Z
Updated: 2024-08-06T08:58:26.557Z

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:46:22.836Z

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:46:22.175Z

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:46:22.682Z

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Published: 2013-11-15T20:00:00.000Z
Updated: 2024-08-06T17:46:22.170Z

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

Published: 2014-12-02T01:00:00.000Z
Updated: 2024-08-06T17:46:22.207Z

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.

Published: 2014-04-15T18:00:00.000Z
Updated: 2024-08-06T17:39:01.476Z

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

Published: 2014-04-21T14:00:00.000Z
Updated: 2024-08-06T17:39:01.065Z

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

Published: 2014-04-21T14:00:00.000Z
Updated: 2024-08-06T17:39:01.190Z

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.507Z

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.442Z

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.432Z

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.503Z

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.472Z

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.465Z

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.506Z

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.646Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.418Z

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.492Z

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Published: 2019-11-05T21:16:59.000Z
Updated: 2024-08-06T17:06:50.907Z

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.

Published: 2013-12-24T18:00:00.000Z
Updated: 2024-08-06T16:45:14.842Z

Review Board: URL processing gives unauthorized users access to review lists

Published: 2019-12-03T14:39:53.000Z
Updated: 2024-08-06T16:45:14.255Z

ReviewBoard: has an access-control problem in REST API

Published: 2019-12-02T17:36:52.000Z
Updated: 2024-08-06T16:45:14.855Z

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Published: 2019-11-04T20:45:44.000Z
Updated: 2024-08-06T16:45:14.736Z

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: 2019-11-04T19:21:42.000Z
Updated: 2024-08-06T16:38:01.948Z

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Published: 2013-09-30T20:00:00.000Z
Updated: 2024-08-06T16:38:01.462Z

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

Published: 2014-01-16T02:00:00.000Z
Updated: 2024-08-06T15:27:40.955Z

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Published: 2014-10-31T14:00:00.000Z
Updated: 2024-08-06T14:25:09.692Z

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

Published: 2020-01-28T15:53:24.000Z
Updated: 2024-08-06T14:18:09.615Z

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Published: 2019-12-02T17:41:11.000Z
Updated: 2024-08-06T20:35:09.519Z

connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.

Published: 2013-12-24T19:00:00.000Z
Updated: 2024-08-07T00:30:46.905Z

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Published: 2020-02-05T19:35:35.000Z
Updated: 2024-08-07T04:17:10.223Z

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Published: 2014-04-14T16:00:00.000Z
Updated: 2024-08-07T04:17:10.312Z