Fedora 21

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Published: 2015-11-13T02:00:00.000Z
Updated: 2024-08-06T08:13:31.073Z

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.

Published: 2015-11-02T19:00:00.000Z
Updated: 2024-08-06T08:06:31.616Z

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Published: 2017-12-29T22:00:00.000Z
Updated: 2024-08-06T08:06:31.575Z

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.

Published: 2015-11-09T16:00:00.000Z
Updated: 2024-08-06T07:43:46.166Z

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.

Published: 2015-09-21T19:00:00.000Z
Updated: 2024-08-06T07:36:34.863Z

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Published: 2015-11-06T21:00:00.000Z
Updated: 2024-08-06T07:36:34.777Z

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

Published: 2017-08-09T18:00:00.000Z
Updated: 2024-08-06T07:29:25.323Z

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Published: 2020-01-31T21:38:47.000Z
Updated: 2024-08-06T07:29:24.837Z

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

Published: 2015-08-24T14:00:00.000Z
Updated: 2024-08-06T07:29:24.441Z

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

Published: 2016-01-11T15:00:00.000Z
Updated: 2024-08-06T07:22:22.283Z

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Published: 2020-01-23T19:35:16.000Z
Updated: 2024-08-06T06:59:04.271Z

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

Published: 2017-10-18T20:00:00.000Z
Updated: 2024-08-06T06:59:04.387Z

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

Published: 2017-10-18T20:00:00.000Z
Updated: 2024-08-06T06:59:04.114Z

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

Published: 2017-09-06T21:00:00.000Z
Updated: 2024-08-06T06:59:04.310Z

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

Published: 2017-09-25T21:00:00.000Z
Updated: 2024-08-06T06:59:04.278Z

Cross-site request forgery in the REST API in IPython 2 and 3.

Published: 2017-09-20T16:00:00.000Z
Updated: 2024-08-06T06:50:03.292Z

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:09.519Z

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.

Published: 2015-11-02T19:00:00.000Z
Updated: 2024-08-06T06:41:09.530Z

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: 2020-01-23T19:40:18.000Z
Updated: 2024-08-06T06:41:09.527Z

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Published: 2015-10-27T16:00:00.000Z
Updated: 2024-08-06T06:41:09.189Z

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Published: 2020-01-23T19:52:32.000Z
Updated: 2024-08-06T06:41:08.706Z

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09T14:00:00.000Z
Updated: 2024-08-06T06:41:08.683Z

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09T14:00:00.000Z
Updated: 2024-08-06T06:41:08.613Z

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Published: 2015-11-06T21:00:00.000Z
Updated: 2024-08-06T06:41:08.516Z

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:08.551Z

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:07.979Z

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Published: 2017-07-21T14:00:00.000Z
Updated: 2024-08-06T06:41:08.328Z

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Published: 2015-08-12T14:00:00.000Z
Updated: 2024-08-06T06:41:07.558Z

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Published: 2015-08-12T14:00:00.000Z
Updated: 2024-08-06T06:41:07.966Z

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: 2015-08-12T14:00:00.000Z
Updated: 2024-08-06T06:32:32.900Z

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Published: 2017-08-24T20:00:00.000Z
Updated: 2024-08-06T06:32:32.912Z

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

Published: 2017-09-26T14:00:00.000Z
Updated: 2024-08-06T06:32:32.759Z

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

Published: 2017-09-26T14:00:00.000Z
Updated: 2024-08-06T06:32:32.740Z

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

Published: 2017-03-17T14:00:00.000Z
Updated: 2024-08-06T06:18:12.164Z

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Published: 2015-10-26T19:00:00.000Z
Updated: 2024-08-06T06:18:12.015Z

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.

Published: 2015-07-01T14:00:00.000Z
Updated: 2024-08-06T06:18:12.108Z

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Published: 2015-08-16T01:00:00.000Z
Updated: 2024-08-06T06:18:11.566Z

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Published: 2020-02-20T16:24:22.000Z
Updated: 2024-08-06T06:11:12.989Z

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Published: 2020-02-20T16:24:26.000Z
Updated: 2024-08-06T06:11:13.071Z

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Published: 2015-06-03T20:00:00.000Z
Updated: 2024-08-06T06:04:02.899Z

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Published: 2015-05-29T15:00:00.000Z
Updated: 2024-08-06T06:04:02.635Z

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Published: 2015-05-19T18:00:00.000Z
Updated: 2024-08-06T05:56:16.330Z

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T05:47:57.733Z

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T05:47:57.803Z

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

Published: 2017-09-19T15:00:00.000Z
Updated: 2024-08-06T05:47:57.729Z

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Published: 2017-08-09T16:00:00.000Z
Updated: 2024-08-06T05:47:57.539Z

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Published: 2015-04-28T14:00:00.000Z
Updated: 2024-08-06T05:47:57.338Z

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Published: 2015-06-15T15:00:00.000Z
Updated: 2024-08-06T05:39:31.977Z

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Published: 2016-07-12T19:00:00.000Z
Updated: 2024-08-06T05:39:31.943Z

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

Published: 2016-05-16T10:00:00.000Z
Updated: 2024-08-06T05:39:32.049Z

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Published: 2015-04-24T14:00:00.000Z
Updated: 2024-08-06T05:39:31.988Z

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

Published: 2016-04-13T17:00:00.000Z
Updated: 2024-08-06T05:39:32.028Z

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Published: 2015-04-24T14:00:00.000Z
Updated: 2024-08-06T05:39:30.959Z

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published: 2015-05-27T10:00:00.000Z
Updated: 2024-08-06T05:32:20.794Z

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

Published: 2015-04-10T14:00:00.000Z
Updated: 2024-08-06T05:24:39.011Z

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

Published: 2019-11-21T19:48:14.000Z
Updated: 2024-08-06T05:24:39.090Z

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T05:24:38.859Z

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.802Z

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.745Z

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

Published: 2015-04-01T14:00:00.000Z
Updated: 2024-08-06T05:24:38.813Z

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Published: 2015-05-27T10:00:00.000Z
Updated: 2024-08-06T05:24:37.938Z

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Published: 2015-03-09T17:00:00.000Z
Updated: 2024-08-06T05:10:15.545Z

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Published: 2015-03-24T17:00:00.000Z
Updated: 2024-08-06T05:10:14.450Z

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Published: 2015-03-18T16:00:00.000Z
Updated: 2024-08-06T05:10:14.268Z

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Published: 2015-03-12T14:00:00.000Z
Updated: 2024-08-06T05:10:14.456Z

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Published: 2015-08-12T14:00:00.000Z
Updated: 2024-08-06T05:02:43.426Z

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Published: 2015-03-12T14:00:00.000Z
Updated: 2024-08-06T05:02:43.086Z

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

Published: 2015-05-18T15:00:00.000Z
Updated: 2024-08-06T04:54:16.393Z

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.328Z

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.334Z

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

Published: 2015-05-12T19:00:00.000Z
Updated: 2024-08-06T04:54:16.434Z

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.

Published: 2015-07-26T22:00:00.000Z
Updated: 2024-08-06T04:54:16.349Z

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

Published: 2015-03-30T14:00:00.000Z
Updated: 2024-08-06T04:54:16.320Z

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

Published: 2017-08-11T21:00:00.000Z
Updated: 2024-08-06T04:54:16.109Z

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

Published: 2015-03-13T14:00:00.000Z
Updated: 2024-08-06T04:54:16.099Z

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Published: 2016-01-12T19:00:00.000Z
Updated: 2024-08-06T04:54:15.943Z

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Published: 2015-04-28T14:00:00.000Z
Updated: 2024-08-06T04:54:16.419Z

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

Published: 2015-03-30T14:00:00.000Z
Updated: 2024-08-06T04:47:17.478Z

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

Published: 2015-02-09T11:00:00.000Z
Updated: 2024-08-06T04:47:16.973Z

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

Published: 2015-03-09T14:00:00.000Z
Updated: 2024-08-06T04:47:16.215Z

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:47:16.237Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:47:16.196Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:40:18.799Z

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T04:40:18.907Z

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

Published: 2017-08-25T18:00:00.000Z
Updated: 2024-08-06T04:40:18.688Z

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

Published: 2015-03-09T14:00:00.000Z
Updated: 2024-08-06T04:33:20.747Z

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

Published: 2015-01-15T15:00:00.000Z
Updated: 2024-08-06T04:33:20.209Z

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Published: 2015-02-28T02:00:00.000Z
Updated: 2024-08-06T04:26:11.412Z

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

Published: 2015-07-01T14:00:00.000Z
Updated: 2024-08-06T04:26:11.261Z

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

Published: 2015-04-14T18:00:00.000Z
Updated: 2024-08-06T04:26:10.430Z

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Published: 2015-03-16T14:00:00.000Z
Updated: 2024-08-06T04:26:09.821Z

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T04:10:11.059Z

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

Published: 2015-04-08T18:00:00.000Z
Updated: 2024-08-06T04:10:11.026Z

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:10:10.450Z

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

Published: 2017-10-06T22:00:00.000Z
Updated: 2024-08-06T04:03:10.859Z

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

Published: 2015-03-25T14:00:00.000Z
Updated: 2024-08-06T04:03:10.962Z

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

Published: 2015-05-18T15:00:00.000Z
Updated: 2024-08-06T04:03:10.551Z

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

Published: 2015-03-24T17:00:00.000Z
Updated: 2024-08-06T04:03:10.501Z

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Published: 2015-02-17T15:00:00.000Z
Updated: 2024-08-06T04:03:10.673Z

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

Published: 2015-02-19T15:00:00.000Z
Updated: 2024-08-06T13:55:04.484Z

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.532Z

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.116Z

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.552Z

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.547Z

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.949Z

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.576Z

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.949Z

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:04.093Z

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.941Z

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.970Z

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.926Z

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.921Z

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.943Z

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:03.974Z

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:03.780Z

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:55:02.970Z

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Published: 2015-02-08T11:00:00.000Z
Updated: 2024-08-06T13:47:41.814Z

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Published: 2015-01-23T15:00:00.000Z
Updated: 2024-08-06T13:47:41.714Z

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

Published: 2015-01-23T15:00:00.000Z
Updated: 2024-08-06T13:47:41.738Z

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

Published: 2017-08-25T18:00:00.000Z
Updated: 2024-08-06T13:47:41.811Z

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Published: 2015-02-06T15:00:00.000Z
Updated: 2024-08-06T13:47:41.812Z

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Published: 2015-01-16T16:00:00.000Z
Updated: 2024-08-06T13:47:41.668Z

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Published: 2015-01-09T21:00:00.000Z
Updated: 2024-08-06T13:47:41.817Z

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Published: 2015-01-09T21:00:00.000Z
Updated: 2024-08-06T13:47:41.340Z

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

Published: 2015-03-09T14:00:00.000Z
Updated: 2024-08-06T13:47:40.986Z

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

Published: 2015-02-19T15:00:00.000Z
Updated: 2024-08-06T13:47:41.359Z

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Published: 2015-01-02T20:00:00.000Z
Updated: 2024-08-06T13:47:41.536Z

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Published: 2015-02-03T16:00:00.000Z
Updated: 2024-08-06T13:40:25.115Z

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:40:24.592Z

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Published: 2015-01-07T19:00:00.000Z
Updated: 2024-08-06T13:40:24.879Z

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

Published: 2014-12-03T01:00:00.000Z
Updated: 2024-08-06T13:40:24.630Z

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Published: 2017-03-31T15:00:00.000Z
Updated: 2025-12-04T20:21:07.498Z

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

Published: 2017-10-10T13:00:00.000Z
Updated: 2024-08-06T13:33:13.553Z

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Published: 2014-12-16T18:00:00.000Z
Updated: 2024-08-06T13:33:12.895Z

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

Published: 2015-01-15T15:00:00.000Z
Updated: 2024-08-06T13:26:02.477Z

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:26:02.580Z

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Published: 2015-02-01T15:00:00.000Z
Updated: 2024-08-06T13:26:02.521Z

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.524Z

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.496Z

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.448Z

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.383Z

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

Published: 2014-12-10T01:00:00.000Z
Updated: 2024-08-06T13:18:48.494Z

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.351Z

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Published: 2014-12-09T22:52:00.000Z
Updated: 2024-08-06T13:18:48.421Z

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Published: 2014-12-29T00:00:00.000Z
Updated: 2024-08-06T13:10:51.048Z

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

Published: 2014-12-12T15:00:00.000Z
Updated: 2024-08-06T13:10:50.827Z

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

Published: 2017-12-29T22:00:00.000Z
Updated: 2024-08-06T13:10:50.759Z

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

Published: 2014-12-29T23:00:00.000Z
Updated: 2024-08-06T13:10:50.068Z

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Published: 2020-02-17T21:39:04.000Z
Updated: 2024-08-06T13:10:50.852Z

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

Published: 2018-03-08T20:00:00.000Z
Updated: 2024-08-06T12:47:32.269Z

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.

Published: 2018-03-08T20:00:00.000Z
Updated: 2024-08-06T12:47:32.910Z

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

Published: 2014-10-08T17:00:00.000Z
Updated: 2024-08-06T12:17:23.629Z

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Published: 2014-09-30T16:00:00.000Z
Updated: 2024-08-06T12:03:02.304Z

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Published: 2014-09-30T16:00:00.000Z
Updated: 2024-08-06T12:03:02.339Z

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Published: 2014-07-02T01:00:00.000Z
Updated: 2024-08-06T11:27:35.278Z

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: 2014-10-15T00:00:00.000Z
Updated: 2026-05-28T17:35:01.304Z

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Published: 2014-05-21T10:00:00.000Z
Updated: 2024-08-06T10:35:56.561Z

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.650Z

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.509Z

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

Published: 2014-10-13T01:00:00.000Z
Updated: 2024-08-06T09:42:36.529Z

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

Published: 2014-12-02T01:00:00.000Z
Updated: 2024-08-06T17:46:22.207Z

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Published: 2019-11-05T21:16:59.000Z
Updated: 2024-08-06T17:06:50.907Z

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Published: 2014-10-31T14:00:00.000Z
Updated: 2024-08-06T14:25:09.692Z

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Published: 2020-02-05T19:35:35.000Z
Updated: 2024-08-07T04:17:10.223Z