CVE-2019-3460

A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1...

CVE-2019-9956

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file...

CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVE-2018-20669

An issue where a provided address with accessok is not checked was discovered in i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gemexecbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a...

CVE-2019-9641

Removed by vendor...

CVE-2019-7659

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service application abort or possibly have unspecified other impact if a server application is built with the -DWITHCOOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librarie...

CVE-2018-16888

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user e.g. User field set in the service file, a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

CVE-2019-3701

An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. The privileged user "root" with CAPNETADMIN can create a CAN frame modification rule that mak...

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2017-7482

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and...

CVE-2018-1000300

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This...

CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

CVE-2018-10393

barknoisehybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...

CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

CVE-2018-10323

The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service xfsbmapiwrite NULL pointer dereference via a crafted xfs image...

CVE-2018-9251

The xzdecomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035...

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact because the port-exists value can change after it is validated...

CVE-2017-18028

In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file...

CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

CVE-2017-17450

net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows local users to bypass intended access restrictions because the xtosffingers data structure is shared across all net namespaces...

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail...

CVE-2017-16528

sound/core/seqdevice.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service sndrawmididevseqfree use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...

CVE-2017-13090

The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...

CVE-2017-5070

Removed by vendor...

CVE-2017-12617

Removed by vendor...

CVE-2017-14491

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response...

CVE-2017-13144

In ImageMagick before 6.9.7-10, there is a crash rather than a "width or height exceeds limit" error report if the image dimensions are too large, as demonstrated by use of the mpc coder...

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages...

CVE-2017-11533

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage function in coders/uil.c...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers...

CVE-2017-9077

The tcpv6synrecvsock function in net/ipv6/tcpipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...

CVE-2017-9049

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398...

CVE-2017-3732

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

CVE-2016-10158

Removed by vendor...

CVE-2016-9555

The sctpsfootb function in net/sctp/smstatefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service out-of-bounds slab access or possibly have unspecified other impact via crafted SCTP data...

CVE-2016-7129

Removed by vendor...

CVE-2016-4565

The InfiniBand aka IB stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service kernel memory write operation or possibly have unspecified other impact via a uAPI interface...

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service application crash or possibly execute...

CVE-2016-2117

The atl2probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data...

CVE-2015-8812

drivers/infiniband/hw/cxgb3/iwchcm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via crafted packets...

CVE-2016-0687

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component...

CVE-2011-4600

The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...

CVE-2015-8551

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service NULL pointer dereference and host OS crash by leveraging a system with access to a...

CVE-2015-8543

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service NULL function pointer dereference and system crash or possibly gain...