129 matches found
CVE-2018-19052
The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2017-5753
CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...
CVE-2016-3714
CVE-2016-3714 affects ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. An improper input validation flaw in the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image (ImageTragick). The vulnera...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2020-5504
CVE-2020-5504 affects phpMyAdmin 4 prior to 4.9.4 and 5 prior to 5.0.1, where an SQL injection exists in the user accounts page. A malicious user could inject SQL in place of their username when creating queries on that page; an attacker must have a valid MySQL account to access the server. Conne...
CVE-2020-15707
CVE-2020-15707 is a GRUB2 bootloader vulnerability (initrd size handling) causing a heap-based buffer overflow via integer overflow in initrd processing. The flaw affects GRUB2 2.04 and earlier as deployed in multiple distros (Debian, Red Hat, Ubuntu) and can enable arbitrary code execution durin...
CVE-2020-15706
CVE-2020-15706 affects GRUB2 (2.04 and earlier) and is a race-condition/use-after-free in grub_script_function_create() triggered by redefining a function during execution, leading to arbitrary code execution and Secure Boot restriction bypass. Remediation is to upgrade to patched GRUB2 packages ...
CVE-2020-15705
GRUB2 ≤ 2.04 fails to validate kernel signatures when booting directly without shim, allowing Secure Boot bypass if the kernel signing certificate is in the Secure Boot DB. The issue affects GRUB2 2.04 and earlier; upgrades to patched grub2/shim combinations are advised (e.g., 2.06+ and related s...
CVE-2011-3026
CVE-2011-3026 describes a heap-based overflow in libpng caused by an integer overflow in png_decompress_chunk(), leading to potential remote code execution or crashes when handling crafted PNGs. Affected: libpng as used by Chrome (and various products); vulnerable versions precede fixed releases....
CVE-2018-6556
CVE-2018-6556 affects lxc-user-nic where, when asked to delete a network interface, the code unconditionally opens a user-supplied path. This can let an unprivileged user infer the existence of a path they should not reach and may trigger side effects by opening (read-only) kernel files such as /...
CVE-2015-7547
CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...
CVE-2020-6429
CVE-2020-6429 refers to a use-after-free in Google Chrome’s audio path that could allow remote heap corruption via a crafted HTML page. Public references in Debian and Alpine security advisories confirm the flaw affects Chromium/Chrome up to version 80.0.3987.149, with fixed versions pushed in th...
CVE-2020-6422
CVE-2020-6422 is a use-after-free vulnerability in WebGL of Google Chrome before 80.0.3987.149, enabling a remote attacker to potentially cause heap corruption via a crafted HTML page. Mitigation: upgrade Chromium/Chrome to 80.0.3987.149 or newer (reported in Debian/Fedora advisories and Gentoo/G...
CVE-2020-6426
CVE-2020-6426: In Google Chrome, an implementation error in V8 prior to 80.0.3987.149 could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected software is Chrome before 80.0.3987.149 (and Chromium-based builds). Root cause: inappropriate V8 implementation. Impact d...
CVE-2018-12116
CVE-2018-12116 in Node.js is an HTTP request splitting vulnerability: if an unsanitized Unicode path is supplied, a second user-defined HTTP request can be generated to the same server. Affected are all Node.js versions prior to 6.15.0 and 8.14.0. The vulnerability may enable DoS and, per related...
CVE-2015-5300
CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...
CVE-2014-8559
CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...
CVE-2018-12122
CVE-2018-12122 affects Node.js versions before 6.15.0, 8.14.0, 10.14.0 and 11.3.0. It enables a Slowloris-style DoS by sending HTTP/HTTPS headers very slowly, keeping connections alive and consuming resources. A 40-second headersTimeout patch (adjustable via server.headersTimeout) helps defend, a...
CVE-2014-0181
The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...
CVE-2020-6427
CVE-2020-6427 is a use-after-free in Google Chrome’s audio subsystem that could allow a remote attacker to exploit heap corruption via a crafted HTML page. Affected: Google Chrome (audio path); vulnerability type: use-after-free. Impact: potential remote code execution is described in affected ad...
CVE-2018-19208
CVE-2018-19208 affects libwpd 0.10.2 where a NULL pointer dereference in WP6ContentListener::defineTable (WP6ContentListener.cpp) can cause a denial of service. This vulnerability is related to WPXTable.h and has been documented across multiple advisories (e.g., Miracles/MiracleLinux AXSA:2019-41...
CVE-2020-6428
CVE-2020-6428 involves a use-after-free in the audio component of Google Chrome prior to 80.0.3987.149, potentially enabling a remote attacker to trigger heap corruption via a crafted HTML page. Affected software includes Google Chrome and Chromium-based builds; Debian, Fedora, Gentoo, and Alpine...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2020-6424
CVE-2020-6424 is a use-after-free in Chrome’s media handling that could allow heap corruption via a crafted HTML page on Chrome versions prior to 80.0.3987.149. Affected: Google Chrome (desktop). Root cause: use-after-free in media code paths. Impact: remote code execution likelihood noted as hig...
CVE-2017-14798
CVE-2017-14798 describes a race condition in the PostgreSQL init script that could allow an attacker who can access the postgres account to escalate privileges to root. Public material (including exploit code and security advisories) confirms the vulnerability path via the init script and local a...
CVE-2015-7976
CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...
CVE-2020-6449
CVE-2020-6449 is a use-after-free vulnerability in the audio component of Google Chrome prior to 80.0.3987.149. The issue could allow a remote attacker to cause heap corruption via a crafted HTML page. Documents confirm the affected product is Google Chrome/Chromium and that the fix was applied i...
CVE-2014-1505
CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...
CVE-2014-9116
CVE-2014-9116 concerns the Mutt mail client. The description specifies that the write_one_header function in mutt 1.5.23 mishandles newline characters at the beginning of a header, allowing a remote attacker to cause a denial of service (crash) by sending a header with an empty body. This conditi...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2019-15624
CVE-2019-15624: Nextcloud Server 15.0.7 is affected by improper input validation that allows group admins to create users with IDs of system folders. The issue is confirmed in CVE-2019-15624 and is addressed in security advisories accompanying Nextcloud updates to 15.0.14 (NC-SA-2020-015/openSUSE...
CVE-2014-1510
CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...
CVE-2015-2734
CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...
CVE-2015-8776
The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...
CVE-2019-3688
CVE-2019-3688 affects the /usr/sbin/pinger binary shipped with squid on SUSE/OpenSUSE, where the binary had squid:root, 0750 permissions. The local attacker who has compromised the squid user could replace or modify the binary to achieve persistence. Affected products include SUSE Linux Enterpris...
CVE-2015-3405
CVE-2015-3405 concerns ntp-keygen generating MD5 keys with insufficient entropy on big-endian systems, enabling an attacker to brute-force 93 possible keys and potentially spoof NTP. The IBM Power HMC bulletin lists affected products and versions: Power HMC V7.3.0.0, V7.9.0.0, V8.1.0.0, and V8.2....
CVE-2018-20105
The related OpenSUSE/SUSE entries confirm CVE-2018-20105 affects yast2-rmt and was fixed by updating to yast2-rmt 1.3.0 (openSUSE-2020-320, SUSE-SU-2020:0578-1). The mitigation is to apply this update; the fix addresses an exposure of the CA private key passphrase contained in log files. Summary ...
CVE-2009-3547
CVE-2009-3547 refers to multiple race conditions in fs/pipe.c of the Linux kernel before 2.6.32-rc6. The flaws can allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by opening an anonymous pipe via a /proc/*/fd/ pathname. A fix is availa...
CVE-2014-1509
CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...
CVE-2013-5609
CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...
CVE-2015-2738
CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...
CVE-2016-5244
CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...
CVE-2010-3081
CVE-2010-3081 describes a local privilege-escalation in the Linux kernel’s 64-bit compat layer due to missing sanity checks in compat_alloc_user_space, enabling a local user to abuse compat_mc_getsockopt controlling a length value. Affected: kernel 2.6.x before 2.6.36-rc4-git2 on 64-bit platforms...
CVE-2010-4494
CVE-2010-4494 is a double-free vulnerability in libxml2 (notably 2.7.8 and related versions) used by Chrome and other products. The issue affects libxml2’s handling of XPath/XML entities and could allow a remote attacker to crash or potentially execute code via crafted XML input. Public advisorie...
CVE-2014-1477
CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...
CVE-2014-3610
CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...
CVE-2014-1493
CVE-2014-1493 is a Mozilla Firefox/Thunderbird/SeaMonkey browser-engine vulnerability reported in multiple advisories. IBM Storwize V7000 Unified and IBM SONAS bulletins note these issues affect shipped Firefox and advise upgrading to version 1.4.3.3 (Storwize Unified) or 1.4.3.3 (SONAS) to apply...
CVE-2014-1512
The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...
CVE-2014-1514
CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...