VIR Vulnerability Intelligence Relay

Search

Found 62 results in 342ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-3639 medium 5.5 6.5 EXPFIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2017-5753 medium 5.6 6.6 EXPFIX arch arch slesdebian debian inteloraclesynology 9y ago Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2016-1252 medium 5.9 6.9 EXPFIX debian debianubuntu ubuntu debian 9y ago The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 bef…
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-14491 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleyssusenvidia 9y ago multiple issues in dnsmasq
CVE-2017-14494 medium 5.9 6.9 EXPFIX arch arch slesdebian debian thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-14493 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-14492 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-9936 medium 6.5 7.5 EXPFIX slesdebian debianubuntu ubuntu libtiff 9y ago In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2016-4578 medium 5.5 6.5 EXPFIX sles linux-kerneldebian debian 10y ago sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of…
CVE-2016-4486 low 3.3 4.3 EXPFIX slesdebian debianubuntu ubuntu novell 10y ago The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from …
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-3717 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3716 low 3.3 4.3 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-2107 medium 5.9 6.9 EXPFIX sles rhelsuse suse opensslhpnodejs 10y ago The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart…
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2188 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c…
CVE-2016-2184 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin…
CVE-2016-3074 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse libgdphp 10y ago Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g…
CVE-2015-4870 medium 5.0 EXP ubuntu ubuntudebian debiansuse suse oraclemariadb 11y ago Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
CVE-2015-4000 low 3.7 4.7 EXPFIX slesdebian debianmacos macos opensslibmoracle 11y ago The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to c…
CVE-2015-0802 medium 6.0 EXP suse suseubuntu ubuntu mozilla 11y ago Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr…
CVE-2015-0240 critical 10.0 EXPFIX rhelubuntu ubuntususe suse samba 11y ago The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized st…
CVE-2014-8768 medium 6.0 EXPFIX suse suseubuntu ubuntudebian debian redhat 12y ago Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a…
CVE-2014-0476 low 4.7 EXPFIX debian debianubuntu ubuntu chkrootkit 12y ago The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerabilit…
CVE-2014-5207 medium 7.2 EXPFIX debian debian linux-kernelubuntu ubuntu 12y ago fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows …
CVE-2014-4699 medium 7.9 EXPFIX debian debian linux-kernelubuntu ubuntu 12y ago The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows …
CVE-2014-1739 low 3.1 EXPFIX debian debianubuntu ubuntususe suse 12y ago The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive in…
CVE-2012-0943 low 3.1 EXPFIX ubuntu ubuntudebian debian robert_ancell 12y ago debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name …
CVE-2014-1511 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2014-1510 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript cod…
CVE-2011-4613 medium 5.6 EXPFIX ubuntu ubuntudebian debian x.org 13y ago The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restricti…
CVE-2012-6151 medium 5.3 EXPFIX debian debianmacos macosubuntu ubuntu net-snmp 13y ago Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, …
CVE-2013-4474 medium 6.0 EXPFIX ubuntu ubuntudebian debian freedesktop 13y ago Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in …
CVE-2013-4124 medium 6.0 EXPFIX ubuntu ubuntu rhelfedora fedora samba 13y ago Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (…
CVE-2013-2852 medium 7.9 EXPFIX debian debianubuntu ubuntu linux-kernel 13y ago Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain pr…
CVE-2013-1899 medium 7.5 EXP ubuntu ubuntu postgresql 13y ago Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remot…
CVE-2013-1861 medium 6.0 EXP ubuntu ubuntudebian debian rhel mariadboracle 13y ago MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers…
CVE-2013-2566 medium 5.9 6.9 EXP ubuntu ubuntu oraclemozilla 13y ago The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis…
CVE-2013-0758 critical 10.0 EXP ubuntu ubuntususe suse rhel mozilla 14y ago Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a…
CVE-2013-0757 critical 10.0 EXP ubuntu ubuntususe suse mozilla 14y ago The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15…
CVE-2013-0753 critical 10.0 EXP ubuntu ubuntususe suse rhel mozilla 14y ago Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird…
CVE-2012-5612 medium 7.5 EXP suse suseubuntu ubuntu mariadboracle 14y ago Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (m…
CVE-2012-3571 medium 7.1 EXPFIX debian debianubuntu ubuntu isc 14y ago ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
CVE-2011-3389 medium 5.3 EXPFIX slesdebian debianubuntu ubuntu googlemicrosoftmozilla 15y ago The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode wi…
CVE-2011-2522 medium 7.8 EXPFIX ubuntu ubuntudebian debian samba 15y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators…
CVE-2011-0762 medium 5.0 EXPFIX fedora fedoraubuntu ubuntudebian debian vsftpd_project 16y ago The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob ex…
CVE-2010-3850 low 3.1 EXPFIX linux-kernelsuse susedebian debian 16y ago The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions …
CVE-2010-3849 medium 5.7 EXPFIX linux-kernelsuse susedebian debian 16y ago The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer derefere…
CVE-2010-3848 medium 7.9 EXPFIX linux-kernelsuse susedebian debian 16y ago Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges b…
CVE-2010-3858 medium 5.9 EXPFIX linux-kerneldebian debianubuntu ubuntu 16y ago The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) …
CVE-2010-2963 medium 7.2 EXPFIX linux-kernelsuse susefedora fedora 16y ago drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, w…
CVE-2010-3870 medium 7.8 EXP ubuntu ubuntu php 16y ago The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass …
CVE-2010-3709 medium 5.3 EXP ubuntu ubuntu php 16y ago The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and applicatio…
CVE-2010-3437 medium 7.6 EXPFIX ubuntu ubuntususe suse linux-kernel 16y ago Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory…
CVE-2010-2008 low 4.5 EXP ubuntu ubuntufedora fedora oracle 16y ago MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# strin…
CVE-2010-0832 medium 7.9 EXPFIX ubuntu ubuntudebian debian 16y ago pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the own…
CVE-2010-1205 critical 9.8 10.0 EXPFIX macos macossuse susedebian debian libpnggoogleapple 16y ago Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers…
CVE-2010-0307 medium 5.7 EXPFIX ubuntu ubuntudebian debian linux-kernel 17y ago The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY m…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…