Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5424 3 Debian, Postgresql, Redhat 5 Debian Linux, Postgresql, Enterprise Linux and 2 more 2025-04-12 N/A
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CVE-2016-5771 4 Debian, Opensuse, Php and 1 more 5 Debian Linux, Leap, Opensuse and 2 more 2025-04-12 9.8 Critical
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-2016-5772 5 Debian, Opensuse, Php and 2 more 8 Debian Linux, Leap, Opensuse and 5 more 2025-04-12 9.8 Critical
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
CVE-2016-6128 6 Canonical, Debian, Libgd and 3 more 6 Ubuntu Linux, Debian Linux, Libgd and 3 more 2025-04-12 7.5 High
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-6313 4 Canonical, Debian, Gnupg and 1 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2025-04-12 N/A
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
CVE-2015-4473 5 Canonical, Debian, Mozilla and 2 more 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4651 3 Debian, Oracle, Wireshark 3 Debian Linux, Solaris, Wireshark 2025-04-12 N/A
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-5461 5 Canonical, Debian, Lua and 2 more 5 Ubuntu Linux, Debian Linux, Lua and 2 more 2025-04-12 N/A
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
CVE-2015-4737 4 Canonical, Debian, Oracle and 1 more 6 Ubuntu Linux, Debian Linux, Mysql and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
CVE-2015-4757 6 Canonical, Debian, Mariadb and 3 more 13 Ubuntu Linux, Debian Linux, Mariadb and 10 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVE-2015-4813 2 Debian, Oracle 2 Debian Linux, Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
CVE-2015-1259 3 Debian, Google, Redhat 3 Debian Linux, Chrome, Rhel Extras 2025-04-12 N/A
PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2015-3310 3 Canonical, Debian, Point-to-point Protocol Project 3 Ubuntu Linux, Debian Linux, Point-to-point Protocol 2025-04-12 N/A
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
CVE-2016-2381 5 Canonical, Debian, Opensuse and 2 more 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more 2025-04-12 7.5 High
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVE-2015-5252 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 7.2 High
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-2331 5 Debian, Fedoraproject, Nih and 2 more 5 Debian Linux, Fedora, Libzip and 2 more 2025-04-12 N/A
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
CVE-2015-5307 6 Canonical, Debian, Linux and 3 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2015-5351 4 Apache, Canonical, Debian and 1 more 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
CVE-2010-5312 7 Apache, Debian, Drupal and 4 more 7 Drill, Debian Linux, Drupal and 4 more 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
CVE-2015-5364 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.