59443 matches found
CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by triggering many DB aka Debug exceptions, related to svm.c...
CVE-2015-7940
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...
CVE-2015-5165
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors...
CVE-2015-5623
WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
CVE-2015-2922
The ndiscrouterdiscovery function in net/ipv6/ndisc.c in the Neighbor Discovery ND protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hoplimit value in a Router Advertisement RA message...
CVE-2015-3414
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...
CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than CVE-2014-9644...
CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets...
CVE-2015-1210
Removed by vendor...
CVE-2014-6585
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591...
CVE-2014-9090
The dodoublefault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment SS segment register, which allows local users to cause a denial of service panic via a modifyldt system call, as demonstrated by sigreturn32 i...
CVE-2014-6457
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...
CVE-2014-3185
Multiple buffer overflows in the commandportreadcallback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service memory corruption and system crash v...
CVE-2014-5472
The parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service unkillable mount process via a crafted iso9660 image with a self-referential CL entry...
CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...
CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the 1 au1100fbfbmmap function in...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2076
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged t...
CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery SSRF issue, a similar vulnerability to CVE-2013-0235...
CVE-2012-3375
The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...
CVE-2011-5064
Removed by vendor...
CVE-2011-2829
Removed by vendor...
CVE-2011-2481
Removed by vendor...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2010-2266
nginx 0.8.36 allows remote attackers to cause a denial of service crash via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence...
CVE-2009-2408
Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...
CVE-2009-1955
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
CVE-2008-3075
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" exclamation point shell metacharacter in 1 the filename of a ZIP archive and possibly 2 the filename of the first file in a ZIP archive, which is not properly...
CVE-2008-4100
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...
CVE-2007-3408
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351...
CVE-2005-2663
Removed by vendor...
CVE-2005-2081
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character...
CVE-2004-0889
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...
CVE-2004-0079
The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...
CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service infinite loop, as demonstrated using the Codenomicon TLS Test Tool...
CVE-2003-0201
Buffer overflow in the calltrans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code...
CVE-2002-1359
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite...
CVE-2021-20223
Removed by vendor...
CVE-2025-20054
Uncaught exception in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
CVE-2024-42472
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...
CVE-2024-27415
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nfconfirm logic cannot handle cloned skbs referencing the same nfconn entry, which will happen for multicast broadcast frames on bridges...
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
CVE-2024-26976
In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2023-39804
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...
CVE-2024-27304
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...
CVE-2024-1672
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...