59507 matches found
CVE-2017-15649
net/packet/afpacket.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data structures, because of a race condition involving fanoutadd and packetdobind that leads to a use-after-free, a different vulnerabili...
CVE-2017-15281
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised values."...
CVE-2017-1000111
Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...
CVE-2017-1000101
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...
CVE-2017-14741
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service infinite loop via a crafted font file...
CVE-2015-5327
Out-of-bounds memory read in the x509decodetime function in x509certparser.c in Linux kernels 4.3-rc1 and after...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-13693
The acpidscreateoperands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...
CVE-2017-12937
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read...
CVE-2017-10090
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...
CVE-2017-11352
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144...
CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...
CVE-2017-8890
The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call...
CVE-2017-3526
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with...
CVE-2016-10229
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag...
CVE-2017-7308
The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service integer signedness error and out-of-bounds write, or gain privileges if the CAPNETRAW capability is held...
CVE-2017-7275
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service attempted large memory allocation and application crash via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866...
CVE-2017-5579
Memory leak in the serialexitcore function in hw/char/serial.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...
CVE-2016-7407
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...
CVE-2016-9830
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service crash via large dimensions in a jpeg image...
CVE-2017-6353
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service invalid unlock and double free via a multithreaded application. NOTE: this vulnerability exists because...
CVE-2016-4487
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service segmentation fault and crash via a crafted binary, related to "btypevec."...
CVE-2016-9773
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556...
CVE-2017-5967
The time subsystem in the Linux kernel through 4.9.9, when CONFIGTIMERSTATS is enabled, allows local users to discover real PID values as distinguished from PID values inside a PID namespace by reading the /proc/timerlist file, related to the printtimer function in kernel/time/timerlist.c and the...
CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...
CVE-2017-3252
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAAS. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with...
CVE-2016-10161
Removed by vendor...
CVE-2016-7906
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service use-after-free via a crafted file...
CVE-2016-9138
Removed by vendor...
CVE-2016-9104
Multiple integer overflows in the 1 v9fsxattrread and 2 v9fsxattrwrite functions in hw/9pfs/9p.c in QEMU aka Quick Emulator allow local guest OS administrators to cause a denial of service QEMU process crash via a crafted offset, which triggers an out-of-bounds access...
CVE-2016-9318
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...
CVE-2016-6308
statem/statemdtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted DTLS messages...
CVE-2016-5768
Removed by vendor...
CVE-2016-2143
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service system crash or possibly have unspecified other impact via a crafted application, related to...
CVE-2016-3134
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service heap memory corruption via an IPTSOSETREPLACE setsockopt call...
CVE-2015-8816
The hubactivate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service invalid memory access and system crash or possibly have unspecified other impact ...
CVE-2016-2115
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacnnp, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream...
CVE-2015-8778
Integer overflow in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via the size argument to the hcreater function, which triggers out-of-bounds heap-memory access...
CVE-2010-5325
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service memory corruption and crash or possibly execute arbitrary code via a long job title...
CVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...
CVE-2016-0742
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response...
CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
CVE-2015-1830
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors...
CVE-2015-3226
Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...
CVE-2015-2590
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...
CVE-2015-0488
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE...
CVE-2015-2331
Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
CVE-2015-0208
The ASN.1 signature-verification implementation in the rsaitemverify function in crypto/rsa/rsaameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted RSA PSS parameters to an endpoint that uses the...