Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0433 6 Canonical, Debian, Mariadb and 3 more 18 Ubuntu Linux, Debian Linux, Mariadb and 15 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
CVE-2015-0408 6 Canonical, Debian, Novell and 3 more 11 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
CVE-2016-3689 3 Canonical, Linux, Novell 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more 2025-04-12 N/A
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
CVE-2015-2304 3 Canonical, Libarchive, Opensuse 3 Ubuntu Linux, Libarchive, Opensuse 2025-04-12 N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2014-9604 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.
CVE-2015-1315 2 Canonical, Info-zip 2 Ubuntu Linux, Unzip 2025-04-12 N/A
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
CVE-2016-0706 4 Apache, Canonical, Debian and 1 more 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
CVE-2011-4406 1 Canonical 2 Accountsservice, Ubuntu Linux 2025-04-12 N/A
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
CVE-2011-4407 1 Canonical 2 Software-properties, Ubuntu Linux 2025-04-12 N/A
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
CVE-2015-1802 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2025-04-12 N/A
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
CVE-2014-8121 4 Canonical, Gnu, Redhat and 1 more 5 Ubuntu Linux, Glibc, Enterprise Linux and 2 more 2025-04-12 N/A
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
CVE-2015-4815 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
CVE-2015-0830 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.
CVE-2014-3925 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Sos 2025-04-12 N/A
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVE-2016-3679 4 Canonical, Google, Opensuse and 1 more 5 Ubuntu Linux, Chrome, V8 and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-7162 2 Canonical, File Roller Project 2 Ubuntu Linux, File Roller 2025-04-12 7.5 High
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
CVE-2015-0802 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
CVE-2015-2740 6 Canonical, Debian, Mozilla and 3 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 N/A
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
CVE-2014-9093 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 N/A
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-5033 4 Canonical, Debian, Kde and 1 more 5 Ubuntu Linux, Kde4libs, Kauth and 2 more 2025-04-12 N/A
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."