Search Results (3295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5771 4 Debian, Opensuse, Php and 1 more 5 Debian Linux, Leap, Opensuse and 2 more 2025-04-12 9.8 Critical
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-2014-0482 2 Djangoproject, Opensuse 2 Django, Opensuse 2025-04-12 N/A
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
CVE-2014-2528 2 Kdirstat Project, Opensuse 2 Kdirstat, Opensuse 2025-04-12 N/A
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
CVE-2014-2527 2 Kdirstat Project, Opensuse 2 Kdirstat, Opensuse 2025-04-12 N/A
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
CVE-2016-7466 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2025-04-12 6.0 Medium
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2014-2326 4 Cacti, Debian, Fedoraproject and 1 more 4 Cacti, Debian Linux, Fedora and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2324 5 Contec, Debian, Lighttpd and 2 more 7 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Debian Linux and 4 more 2025-04-12 N/A
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2014-1934 2 Opensuse, Travis Shirk 2 Opensuse, Eyed3 2025-04-12 N/A
tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-1830 2 Opensuse, Python 2 Opensuse, Requests 2025-04-12 N/A
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVE-2014-1519 4 Canonical, Fedoraproject, Mozilla and 1 more 5 Ubuntu Linux, Fedora, Firefox and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-7141 3 Haxx, Opensuse, Redhat 5 Libcurl, Leap, Enterprise Linux and 2 more 2025-04-12 N/A
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
CVE-2016-6153 3 Fedoraproject, Opensuse, Sqlite 3 Fedora, Leap, Sqlite 2025-04-12 N/A
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2025-04-12 N/A
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6265 2 Artifex, Opensuse 3 Mupdf, Leap, Opensuse 2025-04-12 N/A
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
CVE-2016-4342 3 Opensuse, Php, Redhat 3 Leap, Php, Rhel Software Collections 2025-04-12 N/A
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
CVE-2016-4343 3 Opensuse, Php, Redhat 3 Opensuse, Php, Rhel Software Collections 2025-04-12 8.8 High
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
CVE-2016-4348 3 Debian, Gnome, Opensuse 4 Debian Linux, Librsvg, Leap and 1 more 2025-04-12 N/A
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
CVE-2016-7787 2 Kde, Opensuse 3 Kde-cli-tools, Leap, Opensuse 2025-04-12 N/A
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
CVE-2016-8577 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 6.0 Medium
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
CVE-2016-8669 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2025-04-12 6.0 Medium
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.