Lucene search

K
CanonicalUbuntu Linux15.10

351 matches found

CVE
CVE
added 2016/07/21 10:14 a.m.130 views

CVE-2016-3615

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

5.3CVSS5.3AI score0.01765EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.130 views

CVE-2016-4569

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

5.5CVSS5.8AI score0.00522EPSS
CVE
CVE
added 2016/04/08 3:59 p.m.129 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

7.5CVSS7.3AI score0.18017EPSS
CVE
CVE
added 2016/02/25 1:59 a.m.128 views

CVE-2015-5351

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

8.8CVSS8.4AI score0.06311EPSS
CVE
CVE
added 2016/01/21 3:2 a.m.127 views

CVE-2016-0616

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS4.8AI score0.00472EPSS
CVE
CVE
added 2016/02/25 1:59 a.m.127 views

CVE-2016-0763

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass i...

6.5CVSS7.1AI score0.00238EPSS
CVE
CVE
added 2016/06/01 8:59 p.m.127 views

CVE-2016-3075

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

7.5CVSS7.2AI score0.11367EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.126 views

CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

7.8CVSS7.2AI score0.00352EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.126 views

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

7.1CVSS6.2AI score0.24199EPSS
CVE
CVE
added 2016/04/25 2:59 p.m.126 views

CVE-2016-4052

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

8.1CVSS8.5AI score0.13625EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.125 views

CVE-2016-2187

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00057EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.124 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.05589EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.121 views

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.1CVSS8.5AI score0.06886EPSS
CVE
CVE
added 2016/03/13 10:59 p.m.120 views

CVE-2015-7560

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL con...

6.5CVSS6AI score0.04074EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.119 views

CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

9.8CVSS9AI score0.03538EPSS
CVE
CVE
added 2016/01/21 3:1 a.m.119 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

7.2CVSS5.8AI score0.00245EPSS
CVE
CVE
added 2016/01/21 2:59 a.m.118 views

CVE-2016-0402

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.

5CVSS5.7AI score0.01868EPSS
CVE
CVE
added 2016/01/14 10:59 p.m.117 views

CVE-2015-8605

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

6.5CVSS5.9AI score0.49966EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.117 views

CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.8CVSS9.1AI score0.08413EPSS
CVE
CVE
added 2016/04/25 12:59 a.m.117 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

5.9CVSS6.5AI score0.19062EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.117 views

CVE-2016-3955

The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

10CVSS9.2AI score0.12798EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.116 views

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

4CVSS5.2AI score0.0092EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.116 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

4CVSS5.2AI score0.00419EPSS
CVE
CVE
added 2015/11/18 4:59 p.m.116 views

CVE-2015-7942

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than...

6.8CVSS6.6AI score0.01453EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.116 views

CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8CVSS9.2AI score0.06371EPSS
CVE
CVE
added 2016/04/13 5:59 p.m.116 views

CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

7.5CVSS7.1AI score0.08534EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.116 views

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

4.9CVSS6.8AI score0.00062EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.116 views

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

7.1CVSS8.2AI score0.0014EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.115 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00392EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.115 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00414EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.115 views

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript ...

8.8CVSS8.2AI score0.01111EPSS
CVE
CVE
added 2016/04/25 12:59 a.m.115 views

CVE-2016-2113

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

7.4CVSS6.2AI score0.05701EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.115 views

CVE-2016-4580

The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

7.5CVSS6.8AI score0.00679EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.114 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

4CVSS5.1AI score0.00419EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.114 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

4CVSS4.9AI score0.00304EPSS
CVE
CVE
added 2015/12/29 10:59 p.m.114 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_se...

5.4CVSS6.2AI score0.04481EPSS
CVE
CVE
added 2015/11/06 6:59 p.m.114 views

CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.

6.8CVSS6.6AI score0.31998EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.113 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8CVSS5.1AI score0.00861EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.113 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.05455EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.112 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00299EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.112 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.01714EPSS
CVE
CVE
added 2015/03/27 2:59 p.m.111 views

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over...

5CVSS8AI score0.02531EPSS
CVE
CVE
added 2015/11/06 6:59 p.m.111 views

CVE-2015-7697

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

4.3CVSS5.1AI score0.25148EPSS
CVE
CVE
added 2016/05/10 7:59 p.m.111 views

CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

7.5CVSS7.5AI score0.56857EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.110 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

7.5CVSS8.1AI score0.00532EPSS
CVE
CVE
added 2016/04/25 12:59 a.m.110 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as d...

5.9CVSS6.7AI score0.1807EPSS
CVE
CVE
added 2016/04/19 9:59 p.m.109 views

CVE-2014-9765

Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.

8.8CVSS8.7AI score0.02304EPSS
CVE
CVE
added 2015/12/15 9:59 p.m.109 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5CVSS6.7AI score0.0357EPSS
CVE
CVE
added 2016/05/17 2:8 p.m.109 views

CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containin...

7.5CVSS7.6AI score0.00875EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.108 views

CVE-2016-0505

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

6.8CVSS5AI score0.00709EPSS
Total number of security vulnerabilities351