Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2025-04-12 N/A
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-1692 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-5964 4 Canonical, Djangoproject, Oracle and 1 more 4 Ubuntu Linux, Django, Solaris and 1 more 2025-04-12 N/A
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
CVE-2015-8932 5 Canonical, Debian, Libarchive and 2 more 7 Ubuntu Linux, Debian Linux, Libarchive and 4 more 2025-04-12 N/A
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2016-4578 5 Canonical, Debian, Linux and 2 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2025-04-12 N/A
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
CVE-2016-4447 9 Apple, Canonical, Debian and 6 more 14 Iphone Os, Itunes, Mac Os X and 11 more 2025-04-12 N/A
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-5118 8 Canonical, Debian, Graphicsmagick and 5 more 15 Ubuntu Linux, Debian Linux, Graphicsmagick and 12 more 2025-04-12 9.8 Critical
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2015-5289 4 Canonical, Debian, Postgresql and 1 more 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more 2025-04-12 N/A
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2016-0797 5 Canonical, Debian, Nodejs and 2 more 6 Ubuntu Linux, Debian Linux, Node.js and 3 more 2025-04-12 7.5 High
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
CVE-2016-1285 8 Canonical, Debian, Fedoraproject and 5 more 51 Ubuntu Linux, Debian Linux, Fedora and 48 more 2025-04-12 6.8 Medium
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVE-2015-5277 3 Canonical, Gnu, Redhat 8 Ubuntu Linux, Glibc, Enterprise Linux and 5 more 2025-04-12 N/A
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVE-2016-0758 3 Canonical, Linux, Redhat 12 Ubuntu Linux, Linux Kernel, Enterprise Linux and 9 more 2025-04-12 7.8 High
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2015-5296 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 5.4 Medium
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2016-3135 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 7.8 High
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2015-5252 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 7.2 High
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5260 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2025-04-12 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-5174 4 Apache, Canonical, Debian and 1 more 6 Tomcat, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 N/A
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CVE-2015-5262 3 Apache, Canonical, Fedoraproject 3 Httpclient, Ubuntu Linux, Fedora 2025-04-12 N/A
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2015-5299 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 5.3 Medium
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
CVE-2011-4600 2 Canonical, Redhat 3 Ubuntu Linux, Libvirt, Rhel Eus 2025-04-12 N/A
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.