213680 matches found
Design/Logic Flaw
The match function in pcreexec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...
Design/Logic Flaw
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...
Design/Logic Flaw
The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors...
Code injection
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service invalid free operation or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...
Design/Logic Flaw
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382...
Design/Logic Flaw
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...
Crlf injection
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...
Code injection
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
Heap overflow
Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320...
Race condition
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service L1 guest OS crash via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842...
Code injection
The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...
Integer overflow
Integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an argument to the unserialize function...
Design/Logic Flaw
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Design/Logic Flaw
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...
Memory corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...
Design/Logic Flaw
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...
Xxe
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...
Design/Logic Flaw
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
Design/Logic Flaw
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types...
Security feature bypass
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than...
Authentication flaw
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
Design/Logic Flaw
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...
Design/Logic Flaw
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query for a long resource record...
Integer overflow
Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion betwe...
Race condition
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Sql injection
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
Code injection
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...
Directory traversal
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
Code injection
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...
Design/Logic Flaw
Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...
Design/Logic Flaw
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation DLV, allows remote attackers to cause a denial of service infinite loop via a query for an RRSIG record whose answer is not in the cache, which causes BI...
Format string
Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...
Design/Logic Flaw
The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...
Input validation
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...
Sql injection
The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...
Design/Logic Flaw
The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...
Design/Logic Flaw
sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...
Default credentials
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges...
Code injection
Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...
Integer overflow
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a cvtwholeimage...
Heap overflow
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
Memory corruption
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown...
Unrestricted file upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...
Sql injection
SQL injection vulnerability in index.php in the mosDirectory comdirectory 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action...
Cross site scripting
Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0447. Reason: This candidate is a duplicate of CVE-2007-0447. Notes: All CVE users should reference CVE-2007-0447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...
Sql injection
Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...
Command injection
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...