Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9911 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2025-04-12 6.5 Medium
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-7142 2 Debian, Inspircd 2 Debian Linux, Inspircd 2025-04-12 N/A
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.
CVE-2014-9496 5 Canonical, Debian, Libsndfile Project and 2 more 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more 2025-04-12 N/A
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2013-6892 2 Debian, Websvn 2 Debian Linux, Websvn 2025-04-12 N/A
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2016-1233 1 Debian 2 Debian Linux, Fuse 2025-04-12 N/A
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
CVE-2016-9189 2 Debian, Python 2 Debian Linux, Pillow 2025-04-12 N/A
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
CVE-2015-4167 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-12 N/A
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
CVE-2014-8150 4 Canonical, Debian, Haxx and 1 more 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more 2025-04-12 N/A
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CVE-2015-8868 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
CVE-2015-3417 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-12 N/A
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
CVE-2016-1687 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
CVE-2014-3611 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 4.7 Medium
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
CVE-2016-3992 3 Cronic Project, Debian, Opensuse 4 Cronic, Debian Linux, Leap and 1 more 2025-04-12 N/A
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVE-2016-3070 3 Debian, Linux, Redhat 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-12 N/A
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
CVE-2015-2047 2 Debian, Typo3 2 Debian Linux, Typo3 2025-04-12 N/A
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
CVE-2016-3822 2 Debian, Google 2 Debian Linux, Android 2025-04-12 N/A
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
CVE-2014-7204 3 Canonical, Debian, Mageia 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more 2025-04-12 N/A
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
CVE-2014-9653 4 Debian, File Project, Php and 1 more 4 Debian Linux, File, Php and 1 more 2025-04-12 N/A
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
CVE-2015-8807 3 Debian, Fedoraproject, Horde 3 Debian Linux, Fedora, Groupware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
CVE-2015-1236 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2025-04-12 N/A
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.