VIR Vulnerability Intelligence Relay

Search

Found 1,763 results in 516ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-2468 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2466 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2464 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2460 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2459 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2457 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr…
CVE-2017-2455 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2454 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2447 high 8.1 9.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2446 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2445 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2442 medium 6.5 7.5 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attacke…
CVE-2017-7308 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in…
CVE-2017-6542 critical 9.8 10.0 EXPFIX suse susedebian debian putty 9y ago The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect…
CVE-2017-5899 high 7.0 8.0 EXPFIX debian debian s-nail_project 9y ago Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
CVE-2015-8556 critical 10.0 10.0 EXPFIX slesdebian debian qemu 9y ago Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVE-2016-6816 high 7.1 8.1 EXPFIX slesdebian debian apache 9y ago The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b…
CVE-2017-5930 low 2.7 3.7 EXPFIX suse susedebian debian postfixadmin_project 9y ago The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch…
CVE-2017-7178 high 8.8 9.8 EXPFIX debian debian deluge-torrent 9y ago CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus…
CVE-2017-6060 high 7.8 8.8 EXPFIX arch archdebian debian artifex 9y ago Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-6255 high 7.5 8.5 EXP debian debian libupnp_project 9y ago Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
CVE-2017-5982 high 7.5 8.5 EXPFIX debian debian kodi 9y ago Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by …
CVE-2016-2226 high 7.8 8.8 EXPFIX slesdebian debian gnu 9y ago Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
CVE-2017-2373 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2371 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-2369 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2365 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2364 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the…
CVE-2017-2363 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2362 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-6074 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
CVE-2016-10134 critical 9.8 10.0 EXPFIX debian debian zabbix 9y ago SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2017-5991 high 7.5 8.5 EXPFIX debian debian artifex 9y ago An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix…
CVE-2017-5972 high 7.5 8.5 EXPFIX slesdebian debian linux-kernel 9y ago The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi…
CVE-2016-6210 medium 5.9 6.9 EXPFIX slesdebian debian openbsd 9y ago sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu…
CVE-2017-5180 high 8.8 9.8 EXPFIX arch archdebian debian firejail_project 9y ago Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users …
CVE-2016-6175 critical 9.8 10.0 EXPFIX debian debian php-gettext_project 9y ago Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
CVE-2017-5630 high 7.5 8.5 EXP slesdebian debian php 10y ago PEAR core file overwrite vulnerability
CVE-2016-2399 high 7.8 8.8 EXPFIX slesdebian debian libquicktime 10y ago Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h…
CVE-2017-3316 high 8.4 9.4 EXPFIX debian debian oracle 10y ago Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…
CVE-2017-3241 critical 9.0 10.0 EXPFIX slesdebian debian oracle 10y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u…
CVE-2016-4793 high 7.5 8.5 EXPFIX debian debian cakephp 10y ago CakePHP allows remote attackers to spoof their IP
CVE-2016-4338 high 8.1 9.1 EXPFIX debian debian zabbix 10y ago The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
CVE-2016-10156 high 7.8 8.8 EXPFIX debian debian systemd_project 10y ago A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th…
CVE-2016-5725 medium 5.9 6.9 EXPFIX debian debian jcraft 10y ago Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
CVE-2016-6897 medium 6.5 7.5 EXPFIX debian debian wordpress 10y ago Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio…
CVE-2016-6896 high 7.1 8.1 EXPFIX debian debian wordpress 10y ago Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
CVE-2016-7998 high 8.8 9.8 EXPFIX debian debian spip 10y ago The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a…
CVE-2016-7982 high 7.5 8.5 EXPFIX debian debian spip 10y ago Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti…
CVE-2016-7980 high 8.8 9.8 EXPFIX debian debian spip 10y ago Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu…
CVE-2016-2233 high 7.5 8.5 EXPFIX slesdebian debian hexchat_project 10y ago Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP …
CVE-2016-2087 high 7.4 8.4 EXPFIX slesdebian debian hexchat_project 10y ago Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2017-5223 medium 5.5 6.5 EXPFIX slesdebian debian phpmailer_project 10y ago Local file disclosure in PHPMailer
CVE-2017-5487 medium 5.3 6.3 EXPFIX arch archdebian debian wordpress 10y ago wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote…
CVE-2016-9813 medium 5.5 6.5 EXPFIX slesdebian debian gstreamer 10y ago The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-7434 high 7.5 8.5 EXPFIX slesarch archdebian debian ntphpe 10y ago The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-10010 high 7.0 8.0 EXPFIX slesarch archdebian debian openbsd 10y ago sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to …
CVE-2016-10009 high 7.3 8.3 EXPFIX slesarch archdebian debian openbsd 10y ago Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s…
CVE-2016-10074 critical 9.8 10.0 EXPFIX debian debian swiftmailer 10y ago Swift Mailer mail transport Command Injection
CVE-2016-10045 critical 9.8 10.0 EXPFIX arch archdebian debian phpmailer_projectwordpressjoomla 10y ago Remote code execution in PHPMailer
CVE-2016-10081 high 7.8 8.8 EXPFIX debian debian shutter-project 10y ago /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
CVE-2016-9793 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 10y ago The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory …
CVE-2016-8655 high 7.8 8.8 EXPFIX slesarch archdebian debian 10y ago Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capabilit…
CVE-2016-8740 high 7.5 8.5 EXPFIX debian debian sles apache 10y ago The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…
CVE-2016-1247 high 7.8 8.8 EXPFIX slesarch archdebian debian f5nginx 10y ago The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu…
CVE-2015-1328 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem director…
CVE-2016-6828 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 10y ago The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a deni…
CVE-2016-1240 high 7.8 8.8 EXP debian debianubuntu ubuntu apache 10y ago The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 …
CVE-2016-2776 high 7.5 8.5 EXPFIX slesdebian debianarch arch isc 10y ago buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service…
CVE-2016-7098 high 8.1 9.1 EXPFIX slesdebian debian gnu 10y ago Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP …
CVE-2016-6662 critical 9.8 10.0 EXP slesdebian debian rhel oracleperconamariadb 10y ago Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
CVE-2016-3861 high 7.8 8.8 EXPFIX debian debian 10y ago LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with differen…
CVE-2016-6855 high 7.5 8.5 EXPFIX slesdebian debiansuse suse gnome 10y ago Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds wr…
CVE-2016-0772 medium 6.5 7.5 EXPFIX slesdebian debian python 10y ago The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa…
CVE-2016-6515 high 7.5 8.5 EXPFIX slesfedora fedoradebian debian openbsd 10y ago The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (cryp…
CVE-2016-6512 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a c…
CVE-2016-6505 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and appl…
CVE-2016-6504 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service…
CVE-2016-6503 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of servic…
CVE-2016-6187 high 7.8 8.8 EXPFIX debian debian linux-kernel 10y ago The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor …
CVE-2016-6186 medium 6.1 7.1 EXPFIX slesdebian debian djangoproject 10y ago Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an…
CVE-2016-4998 high 7.1 8.1 EXPFIX slesdebian debian linux-kernel 10y ago The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sens…
CVE-2016-4997 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of …
CVE-2016-5734 critical 9.8 10.0 EXPFIX debian debian phpmyadmin 10y ago phpMyAdmin Code Injection vulnerability
CVE-2016-4971 high 8.8 9.8 EXPFIX slesubuntu ubuntudebian debian gnu 10y ago GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
CVE-2016-1583 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel novell 10y ago The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vecto…
CVE-2016-2819 high 8.8 9.8 EXPFIX slesdebian debianubuntu ubuntu mozilla 10y ago Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fr…
CVE-2016-5108 critical 9.8 10.0 EXPFIX slesdebian debian videolan 10y ago Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute ar…
CVE-2016-4578 medium 5.5 6.5 EXPFIX sles linux-kerneldebian debian 10y ago sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of…
CVE-2016-4558 high 7.0 8.0 EXPFIX slesdebian debianubuntu ubuntu 10y ago The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a …
CVE-2016-4557 high 7.8 8.8 EXPFIX sles linux-kerneldebian debian 10y ago The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or caus…
CVE-2016-4486 low 3.3 4.3 EXPFIX slesdebian debianubuntu ubuntu novell 10y ago The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from …
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-3717 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3716 low 3.3 4.3 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-2107 medium 5.9 6.9 EXPFIX sles rhelsuse suse opensslhpnodejs 10y ago The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart…
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2854 high 7.8 8.8 EXPFIX debian debian linux-kernel 10y ago The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.