Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3707 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 N/A
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
CVE-2013-7458 2 Debian, Redislabs 2 Debian Linux, Redis 2025-04-12 N/A
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE-2014-3730 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2025-04-12 N/A
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
CVE-2016-5126 5 Canonical, Debian, Oracle and 2 more 13 Ubuntu Linux, Debian Linux, Linux and 10 more 2025-04-12 7.8 High
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2013-6474 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 N/A
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2014-4049 4 Debian, Opensuse, Php and 1 more 5 Debian Linux, Opensuse, Php and 2 more 2025-04-12 N/A
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
CVE-2016-4610 5 Apple, Debian, Fedoraproject and 2 more 10 Icloud, Iphone Os, Itunes and 7 more 2025-04-12 9.8 Critical
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
CVE-2016-4561 2 Debian, Ikiwiki 2 Debian Linux, Ikiwiki 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
CVE-2016-4544 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2025-04-12 9.8 Critical
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-2016-6354 2 Debian, Westes 2 Debian Linux, Flex 2025-04-12 N/A
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
CVE-2016-6351 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 6.7 Medium
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
CVE-2014-1737 5 Debian, Linux, Oracle and 2 more 12 Debian Linux, Linux Kernel, Linux and 9 more 2025-04-12 N/A
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVE-2015-4047 5 Canonical, Debian, F5 and 2 more 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more 2025-04-12 N/A
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
CVE-2014-1738 5 Debian, Linux, Oracle and 2 more 12 Debian Linux, Linux Kernel, Linux and 9 more 2025-04-12 N/A
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
CVE-2016-4463 3 Apache, Debian, Redhat 4 Xerces-c\+\+, Debian Linux, Enterprise Linux and 1 more 2025-04-12 N/A
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
CVE-2016-4449 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 N/A
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
CVE-2016-4441 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 6.0 Medium
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
CVE-2016-4439 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 6.7 Medium
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
CVE-2016-6318 3 Cracklib Project, Debian, Opensuse 3 Cracklib, Debian Linux, Leap 2025-04-12 7.8 High
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
CVE-2016-4423 2 Debian, Sensiolabs 2 Debian Linux, Symfony 2025-04-12 N/A
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.