59600 matches found
CVE-2016-9773
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556...
CVE-2016-9642
Removed by vendor...
CVE-2016-6896
Directory traversal vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. dot dot in the plugin parameter to wp-admin/admin-ajax.php, as...
CVE-2016-9934
Removed by vendor...
CVE-2016-9576
The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a /dev/sg device...
CVE-2016-8858
The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...
CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets...
CVE-2016-5597
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking...
CVE-2016-7042
The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...
CVE-2016-5425
Removed by vendor...
CVE-2016-7416
Removed by vendor...
CVE-2016-2182
The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors...
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2016-4998
The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...
CVE-2016-4913
The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...
CVE-2016-4342
Removed by vendor...
CVE-2015-8876
Removed by vendor...
CVE-2016-2384
Double free vulnerability in the sndusbmidicreate function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service panic or possibly have unspecified other impact via vectors involving an invalid USB descriptor...
CVE-2016-3159
The fpufxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits...
CVE-2016-1903
Removed by vendor...
CVE-2016-0778
The 1 roamingread and 2 roamingwrite functions in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...
CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...
CVE-2015-7833
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux RHEL 7.1 allows physically proximate attackers to cause a denial of service panic via a nonzero bInterfaceNumber value in a USB device descriptor...
CVE-2015-6729
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page...
CVE-2014-9529
Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...
CVE-2014-3609
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service crash via a request with crafted "Range headers with unidentifiable byte-range values."...
CVE-2014-3145
The BPFSANCNLATTRNEST extension implementation in the skrunfilter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service over-read and system crash via crafted BPF instructions. NOTE:...
CVE-2013-0244
Removed by vendor...
CVE-2013-6416
Cross-site scripting XSS vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...
CVE-2013-1059
net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...
CVE-2013-3223
The ax25recvmsg function in net/ax25/afax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
CVE-2013-1049
Buffer overflow in the RFC1413 ident client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service crash and possibly execute arbitrary code via a crafted response...
CVE-2013-1619
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...
CVE-2012-3546
Removed by vendor...
CVE-2012-3375
The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
CVE-2010-4221
Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...
CVE-2010-2791
modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
CVE-2009-2694
The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...
CVE-2009-1690
Removed by vendor...
CVE-2008-4409
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service memory consumption and application crash, as demonstrated by use of xmllint on a certain XML document, a different vulnerability th...
CVE-2008-0455
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2003-1332
Stack-based buffer overflow in the replynttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201...
CVE-2006-4447
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...
CVE-2005-1545
Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow...
CVE-2005-0397
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by...
CVE-2004-0889
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...
CVE-2003-0131
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...
CVE-2022-3529
Removed by vendor...
CVE-2023-45359
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...