Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3219 4 Debian, Openstack, Oracle and 1 more 4 Debian Linux, Horizon, Solaris and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
CVE-2015-3225 4 Debian, Opensuse, Rack Project and 1 more 6 Debian Linux, Opensuse, Rack and 3 more 2025-04-12 N/A
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
CVE-2015-3231 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
CVE-2015-3234 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
CVE-2016-2510 4 Beanshell, Canonical, Debian and 1 more 8 Beanshell, Ubuntu Linux, Debian Linux and 5 more 2025-04-12 8.1 High
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2015-4106 6 Canonical, Citrix, Debian and 3 more 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more 2025-04-12 N/A
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
CVE-2015-4167 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-12 N/A
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
CVE-2015-3232 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.
CVE-2016-3822 2 Debian, Google 2 Debian Linux, Android 2025-04-12 N/A
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
CVE-2015-7512 4 Debian, Oracle, Qemu and 1 more 10 Debian Linux, Linux, Qemu and 7 more 2025-04-12 9.0 Critical
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7513 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 6.5 Medium
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.
CVE-2016-3630 5 Debian, Fedoraproject, Mercurial and 2 more 7 Debian Linux, Fedora, Mercurial and 4 more 2025-04-12 8.8 High
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
CVE-2015-4551 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
CVE-2015-7942 6 Apple, Canonical, Debian and 3 more 11 Iphone Os, Mac Os X, Tvos and 8 more 2025-04-12 N/A
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2015-7560 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 6.5 Medium
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
CVE-2015-4752 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
CVE-2014-5461 5 Canonical, Debian, Lua and 2 more 5 Ubuntu Linux, Debian Linux, Lua and 2 more 2025-04-12 N/A
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
CVE-2014-4258 7 Debian, Mariadb, Opensuse Project and 4 more 15 Debian Linux, Mariadb, Suse Linux Enterprise Desktop and 12 more 2025-04-12 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
CVE-2016-2198 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 5.5 Medium
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.