132 matches found
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2016-1908
OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...
CVE-2016-5387
CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2016-3715
Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...
CVE-2016-3718
ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...
CVE-2013-5704
CVE-2013-5704 concerns the Apache HTTP Server mod_headers trailer-header bypass vulnerability. The issue arises when a client places headers in the trailer portion of a chunked request, potentially bypassing RequestHeader unset directives and allowing header manipulation after header processing. ...
CVE-2016-3427
CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2015-4643
CVE-2015-4643 is an integer overflow in PHP’s FTP extension (ftp_genlist in ext/ftp/ftp.c). A long LIST reply from an FTP server can trigger a heap-based buffer overflow, potentially allowing code execution. Affected PHP versions: before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10. The v...
CVE-2016-2776
CVE-2016-2776 describes a denial-of-service in ISC BIND where a crafted DNS query leads to an assertion failure in buffer.c while building responses, causing named to exit. Affected products/versions include BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3. The root ca...
CVE-2015-8000
CVE-2015-8000 affects ISC BIND 9.x (before 9.9.8-P2 and 9.10.x before 9.10.3-P2). A flaw in db.c parsing incoming responses allows remote DoS via a malformed class attribute, causing an assertion failure and daemon exit. F5’s advisory notes vulnerability presence in BIG-IP family components that ...
CVE-2014-3581
Apache HTTP Server vulnerability CVE-2014-3581 affects the mod_cache component (cache_util.c) in the httpd 2.4.x line, before 2.4.11. An empty Content-Type header can trigger a NULL pointer dereference in cache_merge_headers_out, leading to a denial of service (application crash). Public advisori...
CVE-2016-5385
CVE-2016-5385 affects PHP up to 7.0.8, where PHP did not protect against the HTTP_PROXY namespace clash, potentially allowing a remote attacker to redirect a script’s outbound HTTP traffic to an attacker‑controlled proxy via a crafted Proxy header. Public analyses reference CGI/CGI‑like environme...
CVE-2013-5211
CVE-2013-5211 affects ntpd’s monlist functionality. ntpd before 4.2.7p26 allows remote attackers to cause a DoS via forged REQ_MON_GETLIST and REQ_MON_GETLIST_1 requests (traffic amplification). Public advisories confirm exploitation in the wild and recommend upgrading ntp to 4.2.7p26 or newer (e...
CVE-2016-2177
OpenSSL vulnerability CVE-2016-2177 arises from pointer arithmetic used for heap-buffer boundary checks in OpenSSL 1.0.2h and earlier, which could allow a remote attacker to trigger a denial of service (integer overflow and crash) due to unexpected malloc behavior. Affected components include s3_...
CVE-2016-5388
The CVE-2016-5388 issue affects Apache Tomcat (CGI Servlet enabled) where Proxy header handling exposes HTTP_PROXY data to CGI scripts, enabling redirection of outbound requests to a attacker-controlled proxy (httpoxy). Public advisories across multiple distributions confirm Tomcat 7.x up to 7.0....
CVE-2016-2182
CVE-2016-2182 affects the BN_bn2dec() path in OpenSSL (OpenSSL before 1.1.0). The BN_div_word() return value is not reliably checked, enabling an out-of-bounds write that could crash the app or lead to other impact via processing large BIGNUMs. Several advisories (Android OpenSSL bulletin, Linux ...
CVE-2022-21499
CVE-2022-21499: KGDB/KDB can read/write kernel memory if lockdown is triggered; attacker with serial-port access could trigger debugger. Connected advisories reiter the risk and note the need to ensure lockdown mode is respected, but do not specify a patched version or remediation beyond that. Th...
CVE-2015-3329
CVE-2015-3329 describes multiple stack-based buffer overflows in PHP’s Phar handling (phar_set_inode in phar_internal.h) that allow remote code execution via crafted length values in tar, phar, or ZIP archives. Affected PHP releases are 5.4.40 and earlier (5.4.x), 5.5.x prior to 5.5.24, and 5.6.x...
CVE-2016-1950
CVE-2016-1950 is a real NSS vulnerability: a heap-based buffer overflow in the ASN.1 DER parser allows remote code execution via crafted data in X.509 certificates. Affected NSS releases include 3.19.2.3 and 3.20.x, and 3.21.x before 3.21.1; it affects Mozilla Firefox up to 45.0 and Firefox ESR 3...
CVE-2016-6197
CVE-2016-6197 affects the OverlayFS implementation (fs/overlayfs/dir.c) in the Linux kernel before 4.6. The flaw allows a local user to cause a denial of service (system crash) by a rename that specifies a self-hardlink, due to incomplete verification of the upper dentry during unlink/rename. Exp...
CVE-2015-4024
The CVE-2015-4024 entry describes an algorithmic complexity DoS in PHP’s multipart HTTP POST handling (multipart_buffer_headers in main/rfc1867.c). Attackers can cause high CPU usage with specially crafted form data, affecting PHP versions prior to 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5....
CVE-2015-8126
CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...
CVE-2015-3330
CVE-2015-3330 affects PHP when running under Apache httpd 2.4.x; the php_handler in sapi/apache2handler/sapi_apache2.c can be invoked by pipelined HTTP requests to cause a denial of service or possibly arbitrary code execution due to a deconfigured interpreter. Affected families are PHP versions ...
CVE-2016-2181
OpenSSL CVE-2016-2181 affects the Datagram TLS (DTLS) replay protection: a flaw in the replay window handling could cause legitimate packets to be dropped when a crafted sequence number is used, enabling a remote attacker to cause DoS. Upstream fixes were released (e.g., OpenSSL 1.0.2.x and 1.0.1...
CVE-2016-3598
CVE-2016-3598 concerns an unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 within the Libraries component that could allow remote attackers to affect confidentiality, integrity, and availability via sandbox-related bypasses. The issue is described as a sandbox restrictio...
CVE-2016-2180
CVE-2016-2180 refers to an out-of-bounds read in the TS_OBJ_print_bio() function of the OpenSSL X.509 Time-Stamp Protocol (TSP) implementation. A remote attacker could crash the application by supplying a crafted time-stamp file that is mishandled by the openssl ts tool. The connected advisories ...
CVE-2015-3195
CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...
CVE-2015-1351
The CVE-2015-1351 issue concerns PHP’s OPcache extension (zend_shared_alloc.c: _zend_shared_memdup). A use-after-free in PHP 5.6.7 and earlier can allow remote denial of service or potentially other impact via unknown vectors. The F5 advisory confirms the vulnerability and indicates affected PHP/...
CVE-2016-2178
OpenSSL CVE-2016-2178: The dsa_sign_setup path in OpenSSL up to version 1.0.2h can process DSA signing in a non-constant-time way, enabling a local attacker to recover a private DSA key via a timing side-channel. Several advisories note this alongside other OpenSSL fixes and generally recommend u...
CVE-2016-4448
CVE-2016-4448 is a format-string vulnerability in libxml2 (pre-2.9.4). The connected F5 advisory confirms libxml2 is the vulnerable component across multiple BIG-IP products and lists specific BIG-IP families/versions as vulnerable, with a table guiding upgrades to non‑vulnerable releases. Impact...
CVE-2016-7039
CVE-2016-7039 affects the Linux kernel IP stack up to version 4.8.2. An attacker can trigger the GRO path with large crafted packets (e.g., VLAN header packets), causing stack consumption and a possible panic/DoS; this is related to CVE-2016-8666. Nessus/UTSA advisories for Unity Linux reference ...
CVE-2016-6302
CVE-2016-6302 affects OpenSSL: an under-specified/under-checked length condition in TLS session ticket handling can cause an out-of-bounds read (DoS) when SHA-512 is used for ticket HMAC. Public details in 2016 advisory set; openssl fixes moved to 1.0.2.i-1 (and newer). Remediation: upgrade OpenS...
CVE-2016-4913
The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...
CVE-2016-4054
CVE-2016-4054: A remote code execution vulnerability in Squid related to processing Edge Side Includes (ESI) responses. The issue appears in Squid 3.x (pre-3.5.17) and 4.x (pre-4.0.9) per the initial entry; connected advisories confirm ESI-related buffer/validation flaws and exposures when Squid ...
CVE-2016-2179
OpenSSL CVE-2016-2179: The DTLS implementation could exhaust memory by accepting many crafted DTLS sessions due to unprocessed, out-of-order handshake messages. This memory-DoS vectors arises from DTLS queue handling in d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. Public advisories (...
CVE-2016-4470
CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...
CVE-2013-4312
The CVE-2013-4312 issue affects the Linux kernel prior to 4.4.1, where a local attacker could bypass per-process file-descriptor limits by sending descriptors over a local UNIX domain socket before closing them, causing memory exhaustion and potential denial of service. The root cause is the hand...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2015-5219
CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...
CVE-2016-1960
CVE-2016-1960 is a vulnerability in Mozilla Firefox’s HTML5 parser (nsHtml5TreeBuilder) involving an integer underflow that enables a use-after-free scenario when parsing end tags in a foreign fragment context (SVG). Affects Firefox before 45.0 and Firefox ESR 38.x before 38.7; exploitation can l...
CVE-2016-2518
CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...
CVE-2015-7691
CVE-2015-7691 affects ntpd’s crypto_xmit handling in NTP 4.2.x (before 4.2.8p4) and 4.3.x (before 4.3.77). The flaw arises from incomplete validation of autokey operations in crafted packets, allowing a remote attacker to crash ntpd (denial of service). This is tied to an incomplete fix of CVE-20...
CVE-2015-7701
CVE-2015-7701 involves a memory leak in ntpd’s CRYPTO_ASSOC when autokey is enabled. Affected: ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Impact: potential denial of service due to memory exhaustion. Remediation: upgrade to fixed ntp releases (e.g., 4.2.8p4+ or 4.3.77+); or disable...
CVE-2015-7977
CVE-2015-7977 : ntpd/nptdsp (NTP) vulnerability where processing of the ntpdc reslist command could cause a NULL pointer dereference and crash ntpd. This is triggered by large restriction lists. Affects ntpd/ntpdc in NTP 4.2.x leading up to 4.2.8p6 and 4.3.x prior to 4.3.90. Remediation: upgrade ...
CVE-2016-0695
CVE-2016-0695 is discussed across multiple connected sources as a vulnerability in OpenJDK/OpenJRE components (Serialization, Hotspot, RMI/JMX deserialization, JAXP surrogate handling, and DS A signatures). The issue enables potential confidentiality breaches and sandbox bypass mechanics, with th...
CVE-2016-3710
CVE-2016-3710 : A bounds-checking flaw in QEMU’s VGA module (VBE read/write via I/O ports) allows a privileged guest to modify banked video memory and execute arbitrary code on the host with QEMU process privileges. Root cause: out-of-bounds read/write in VGA bank access. Impact: potential host c...
CVE-2016-5403
CVE-2016-5403 affects QEMU’s virtio path (virtqueue_pop in hw/virtio/virtio.c). A local guest OS administrator can cause a denial of service via unbounded memory allocation by submitting virtqueue requests without waiting for completion, potentially crashing the QEMU process. Public postings acro...