CVE-2016-0777
CVE-2016-0777 pertains to an information leak and buffer overflow in OpenSSH client roaming (roaming_bytes reading memory) affecting OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2. Exploitation would allow a remote server to obtain memory contents (e.g., private keys) via a roaming request. Connected d...
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2016-1908
OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...
CVE-2016-0778
CVE-2016-0778 affects the OpenSSH client roaming feature. The root cause is improper bounds handling in roaming_read/roaming_write in roaming_common.c, enabling a heap-based buffer overflow when certain proxy/forward options are used. This can cause a denial of service or potentially arbitrary co...
CVE-2016-5387
CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2016-3715
Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...
CVE-2016-3718
ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...
CVE-2013-5704
CVE-2013-5704 concerns the Apache HTTP Server mod_headers trailer-header bypass vulnerability. The issue arises when a client places headers in the trailer portion of a chunked request, potentially bypassing RequestHeader unset directives and allowing header manipulation after header processing. ...
CVE-2016-3427
CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2015-0235
CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...
CVE-2015-4643
CVE-2015-4643 is an integer overflow in PHP’s FTP extension (ftp_genlist in ext/ftp/ftp.c). A long LIST reply from an FTP server can trigger a heap-based buffer overflow, potentially allowing code execution. Affected PHP versions: before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10. The v...
CVE-2016-2776
CVE-2016-2776 describes a denial-of-service in ISC BIND where a crafted DNS query leads to an assertion failure in buffer.c while building responses, causing named to exit. Affected products/versions include BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3. The root ca...
CVE-2015-8000
CVE-2015-8000 affects ISC BIND 9.x (before 9.9.8-P2 and 9.10.x before 9.10.3-P2). A flaw in db.c parsing incoming responses allows remote DoS via a malformed class attribute, causing an assertion failure and daemon exit. F5’s advisory notes vulnerability presence in BIG-IP family components that ...
CVE-2014-3581
Apache HTTP Server vulnerability CVE-2014-3581 affects the mod_cache component (cache_util.c) in the httpd 2.4.x line, before 2.4.11. An empty Content-Type header can trigger a NULL pointer dereference in cache_merge_headers_out, leading to a denial of service (application crash). Public advisori...
CVE-2016-5385
CVE-2016-5385 affects PHP up to 7.0.8, where PHP did not protect against the HTTP_PROXY namespace clash, potentially allowing a remote attacker to redirect a script’s outbound HTTP traffic to an attacker‑controlled proxy via a crafted Proxy header. Public analyses reference CGI/CGI‑like environme...
CVE-2013-5211
CVE-2013-5211 affects ntpd’s monlist functionality. ntpd before 4.2.7p26 allows remote attackers to cause a DoS via forged REQ_MON_GETLIST and REQ_MON_GETLIST_1 requests (traffic amplification). Public advisories confirm exploitation in the wild and recommend upgrading ntp to 4.2.7p26 or newer (e...
CVE-2025-4598
The CVE-2025-4598 entry concerns a race condition in systemd-coredump that can let a local attacker read a crashed SUID process’s core dump. Affected component is systemd and its coredump handling; root cause is a kill-and-replace race where the kernel recycles a PID before systemd-coredump can a...
CVE-2016-2177
OpenSSL vulnerability CVE-2016-2177 arises from pointer arithmetic used for heap-buffer boundary checks in OpenSSL 1.0.2h and earlier, which could allow a remote attacker to trigger a denial of service (integer overflow and crash) due to unexpected malloc behavior. Affected components include s3_...
CVE-2016-2182
CVE-2016-2182 affects the BN_bn2dec() path in OpenSSL (OpenSSL before 1.1.0). The BN_div_word() return value is not reliably checked, enabling an out-of-bounds write that could crash the app or lead to other impact via processing large BIGNUMs. Several advisories (Android OpenSSL bulletin, Linux ...
CVE-2022-21505
CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...
CVE-2016-4997
CVE-2016-4997 affects the Linux kernel netfilter IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handling in 32/64-bit compatibility paths prior to 4.6.3, enabling local privilege escalation or memory-corruption-based denial of service when a crafted offset is supplied via in-container root access. Ex...
CVE-2022-21499
CVE-2022-21499: KGDB/KDB can read/write kernel memory even if lockdown is triggered; an attacker with serial-port access could trigger the debugger. Connected advisories reiterate the risk and note the need to ensure lockdown mode is respected, but do not specify a patched version or remediation beyond that. Th...
CVE-2016-5388
The CVE-2016-5388 issue affects Apache Tomcat (CGI Servlet enabled) where Proxy header handling exposes HTTP_PROXY data to CGI scripts, enabling redirection of outbound requests to an attacker-controlled proxy (httpoxy). Public advisories across multiple distributions confirm Tomcat 7.x up to 7.0....
CVE-2014-0207
CVE-2014-0207 affects the PHP fileinfo extension’s handling of Composite Document Format (CDF) files. The vulnerability is in the cdf_read_short_sector() function (cdf.c) when used with PHP builds prior to 5.4.30 and 5.5.x prior to 5.5.14, where insufficient boundary checks allow a remote attacke...
CVE-2014-3479
CVE-2014-3479 affects the Fileinfo component in PHP (cdf_check_stream_offset in cdf.c) and can trigger a remote denial of service (application crash) by crafting a CDF stream offset. It is tied to PHP versions before 5.4.30 and 5.5.x before 5.5.14 due to incorrect sector-size data. The issue is d...
CVE-2015-3329
CVE-2015-3329 describes multiple stack-based buffer overflows in PHP’s Phar handling (phar_set_inode in phar_internal.h) that allow remote code execution via crafted length values in tar, phar, or ZIP archives. Affected PHP releases are 5.4.40 and earlier (5.4.x), 5.5.x prior to 5.5.24, and 5.6.x...
CVE-2014-3480
The CVE-2014-3480 entry concerns a flaw in the cdf_count_chain function of cdf.c used by PHP’s Fileinfo component. The issue stems from inadequate validation of sector-count data in CDF files, enabling a remote attacker to trigger a denial of service (application crash) by supplying a crafted CDF...
CVE-2014-3487
CVE-2014-3487 is a vulnerability in PHP’s Fileinfo (cdf_read_property_info in cdf.c) where the Fileinfo component fails to validate a stream offset in CDF files. A crafted CDF file can cause a DoS (application crash) on PHP builds using file before 5.19, specifically affecting PHP 5.4.30 and 5.5....
CVE-2016-6197
CVE-2016-6197 affects the OverlayFS implementation (fs/overlayfs/dir.c) in the Linux kernel before 4.6. The flaw allows a local user to cause a denial of service (system crash) by a rename that specifies a self-hardlink, due to incomplete verification of the upper dentry during unlink/rename. Exp...
CVE-2016-1950
CVE-2016-1950 is an NSS vulnerability: a heap-based buffer overflow in the ASN.1 DER parser allows remote code execution via crafted data in X.509 certificates. Affected NSS releases include 3.19.2.3 and 3.20.x, and 3.21.x before 3.21.1; it affects Mozilla Firefox up to 45.0 and Firefox ESR 3...
CVE-2015-4024
The CVE-2015-4024 entry describes an algorithmic complexity DoS in PHP’s multipart HTTP POST handling (multipart_buffer_headers in main/rfc1867.c). Attackers can cause high CPU usage with specially crafted form data, affecting PHP versions prior to 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5....
CVE-2015-1819
The CVE-2015-1819 entry is supported by connected data showing a deterministic DoS in libxml2 via XML Entity Expansion (XEE) during XML parsing, causing memory exhaustion. Amazon Linux 2 advisory ALAS2-2019-1220 explicitly groups CVE-2015-1819 with several libxml2 DoS/memory-related CVEs and inst...
CVE-2015-8126
CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...
CVE-2014-8559
CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...
CVE-2015-3330
CVE-2015-3330 affects PHP when running under Apache httpd 2.4.x; the php_handler in sapi/apache2handler/sapi_apache2.c can be invoked by pipelined HTTP requests to cause a denial of service or possibly arbitrary code execution due to a deconfigured interpreter. Affected families are PHP versions ...
CVE-2016-3598
CVE-2016-3598 concerns an unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 within the Libraries component that could allow remote attackers to affect confidentiality, integrity, and availability via sandbox-related bypasses. The issue is described as a sandbox restrictio...
CVE-2016-2181
OpenSSL CVE-2016-2181 affects the Datagram TLS (DTLS) replay protection: a flaw in the replay window handling could cause legitimate packets to be dropped when a crafted sequence number is used, enabling a remote attacker to cause DoS. Upstream fixes were released (e.g., OpenSSL 1.0.2.x and 1.0.1...
CVE-2016-2180
CVE-2016-2180 refers to an out-of-bounds read in the TS_OBJ_print_bio() function of the OpenSSL X.509 Time-Stamp Protocol (TSP) implementation. A remote attacker could crash the application by supplying a crafted time-stamp file that is mishandled by the openssl ts tool. The connected advisories ...
CVE-2016-2178
OpenSSL CVE-2016-2178: The dsa_sign_setup path in OpenSSL up to version 1.0.2h can process DSA signing in a non-constant-time way, enabling a local attacker to recover a private DSA key via a timing side-channel. Several advisories note this alongside other OpenSSL fixes and generally recommend u...
CVE-2014-9751
CVE-2014-9751 affects the Network Time Protocol daemon (ntpd) in Linux/OS X builds of NTP 4.x prior to 4.2.8p1. The read_network_packet function fails to correctly identify IPv6 loopback (::1) sources, allowing remote attackers to spoof restricted packets and potentially disrupt or manipulate ntp...
CVE-2015-3195
CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...
CVE-2015-1351
The CVE-2015-1351 issue concerns PHP’s OPcache extension (zend_shared_alloc.c: _zend_shared_memdup). A use-after-free in PHP 5.6.7 and earlier can allow remote denial of service or potentially other impact via unknown vectors. The F5 advisory confirms the vulnerability and indicates affected PHP/...
CVE-2016-4448
CVE-2016-4448 is a format-string vulnerability in libxml2 (pre-2.9.4). The connected F5 advisory confirms libxml2 is the vulnerable component across multiple BIG-IP products and lists specific BIG-IP families/versions as vulnerable, with a table guiding upgrades to non‑vulnerable releases. Impact...
CVE-2016-6302
CVE-2016-6302 affects OpenSSL: an under-specified/under-checked length condition in TLS session ticket handling can cause an out-of-bounds read (DoS) when SHA-512 is used for ticket HMAC. Public details in 2016 advisory set; openssl fixes moved to 1.0.2.i-1 (and newer). Remediation: upgrade OpenS...
CVE-2016-7039
CVE-2016-7039 affects the Linux kernel IP stack up to version 4.8.2. An attacker can trigger the GRO path with large crafted packets (e.g., VLAN header packets), causing stack consumption and a possible panic/DoS; this is related to CVE-2016-8666. Nessus/UTSA advisories for Unity Linux reference ...
CVE-2016-4913
The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...
CVE-2016-4054
CVE-2016-4054: A remote code execution vulnerability in Squid related to processing Edge Side Includes (ESI) responses. The issue appears in Squid 3.x (pre-3.5.17) and 4.x (pre-4.0.9) per the initial entry; connected advisories confirm ESI-related buffer/validation flaws and exposures when Squid ...