VIR Vulnerability Intelligence Relay

Search

Found 1,303 results in 497ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-8867 high 7.5 7.5 slesubuntu ubuntu php 10y ago The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w…
CVE-2016-4441 medium 6.0 6.0 FIX slesubuntu ubuntudebian debian qemu 10y ago The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of servi…
CVE-2016-4439 medium 6.7 6.7 FIX slesubuntu ubuntudebian debian qemu 10y ago The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause …
CVE-2016-1840 high 7.8 7.8 FIX debian debian rhelubuntu ubuntu xmlsoftmcafee 10y ago Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows …
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-1837 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos mcafeexmlsoft 10y ago Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS …
CVE-2016-1836 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos xmlsoftmcafee 10y ago Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows…
CVE-2016-1835 high 8.8 8.8 FIX debian debianubuntu ubuntumacos macos 10y ago Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of servic…
CVE-2016-1834 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu xmlsoftmcafee 10y ago Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attac…
CVE-2016-1833 medium 5.5 5.5 FIX debian debianubuntu ubuntumacos macos xmlsoftmcafee 10y ago The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of…
CVE-2016-3705 high 7.5 7.5 FIX debian debianubuntu ubuntususe suse xmlsofthp 10y ago The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to caus…
CVE-2016-3627 high 7.5 7.5 FIX slesubuntu ubuntudebian debian hpxmlsoftredhat 10y ago The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consum…
CVE-2016-1669 high 8.8 8.8 FIX slesubuntu ubuntudebian debian googlenodejs 10y ago The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows rem…
CVE-2016-3712 medium 5.5 5.5 FIX slesubuntu ubuntudebian debian qemucitrix 10y ago Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710 high 8.8 8.8 FIX slesubuntu ubuntudebian debian hpqemuoracle 10y ago The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes …
CVE-2016-4556 high 7.5 7.5 FIX slesubuntu ubuntudebian debian squid-cache 10y ago Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-4555 high 7.5 7.5 FIX slesubuntu ubuntudebian debian squid-cache 10y ago client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4554 high 8.6 8.6 FIX slesubuntu ubuntudebian debian squid-cache 10y ago mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header sm…
CVE-2016-4553 high 8.6 8.6 FIX slesubuntu ubuntudebian debian squid-cache 10y ago client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks vi…
CVE-2016-4476 high 7.5 7.5 FIX slesarch archubuntu ubuntu w1.fi 10y ago hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) …
CVE-2015-8868 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu freedesktop 10y ago Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or poss…
CVE-2016-4008 medium 5.9 5.9 FIX slesdebian debiansuse suse gnu 10y ago The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infini…
CVE-2016-3717 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-2107 medium 5.9 6.9 EXPFIX sles rhelsuse suse opensslhpnodejs 10y ago The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart…
CVE-2016-2105 high 7.5 7.5 FIX sles rhelsuse suse oracleopensslnodejs 10y ago Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption)…
CVE-2016-3951 medium 4.6 4.6 FIX slesdebian debiansuse suse novellsuse 10y ago Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified ot…
CVE-2016-3689 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device…
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3138 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) v…
CVE-2016-3137 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device withou…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2188 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c…
CVE-2016-2187 medium 4.6 4.6 FIX slesdebian debiansuse suse novell 10y ago The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)…
CVE-2016-2186 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system…
CVE-2016-2185 medium 4.6 4.6 FIX debian debiansuse suseubuntu ubuntu novell 10y ago The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and sy…
CVE-2016-2117 high 7.5 7.5 FIX debian debianubuntu ubuntu linux-kernel 10y ago The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive informa…
CVE-2016-1576 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top o…
CVE-2016-1575 high 7.8 8.8 EXPFIX slesdebian debianubuntu ubuntu 10y ago The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid direc…
CVE-2015-8839 medium 5.1 5.1 FIX slesdebian debianubuntu ubuntu 10y ago Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated …
CVE-2015-8325 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu openbsd 10y ago The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows loc…
CVE-2016-3672 high 7.8 8.8 EXPFIX slesdebian debiansuse suse novell 10y ago The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the int…
CVE-2016-3156 medium 5.5 5.5 FIX slesdebian debiansuse suse novell 10y ago The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging fo…
CVE-2016-3135 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of servi…
CVE-2016-2383 medium 5.5 5.5 FIX slesdebian debiansuse suse 10y ago The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information fr…
CVE-2016-2184 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin…
CVE-2016-2069 high 7.4 7.4 FIX slesdebian debianubuntu ubuntu 10y ago Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2016-4054 high 8.1 8.1 FIX slesubuntu ubuntudebian debian squid-cache 10y ago Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4052 high 8.1 8.1 FIX slesubuntu ubuntudebian debian squid-cache 10y ago Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (…
CVE-2016-4051 high 8.8 8.8 FIX slesubuntu ubuntudebian debian squid-cache 10y ago Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports wi…
CVE-2016-2115 medium 5.9 5.9 FIX slesubuntu ubuntudebian debian samba 10y ago Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB c…
CVE-2016-2114 medium 5.9 5.9 FIX slesubuntu ubuntudebian debian samba 10y ago The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle att…
CVE-2016-2113 high 7.4 7.4 FIX slesubuntu ubuntudebian debian samba 10y ago Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and …
CVE-2016-2112 medium 5.9 5.9 FIX slesubuntu ubuntudebian debian samba 10y ago The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-midd…
CVE-2016-2111 medium 6.3 6.3 FIX slesubuntu ubuntudebian debian samba 10y ago The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a se…
CVE-2016-2110 medium 5.9 5.9 FIX slesubuntu ubuntudebian debian samba 10y ago The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by mo…
CVE-2015-5370 medium 5.9 5.9 FIX slesubuntu ubuntudebian debian samba 10y ago Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a…
CVE-2013-7449 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu xchathexchat_project 10y ago The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows m…
CVE-2016-0668 medium 4.1 4.1 slessuse susedebian debian oraclemariadb 10y ago Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors r…
CVE-2016-0665 medium 5.5 5.5 sles rhelubuntu ubuntu oracle 10y ago Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.
CVE-2016-0661 medium 4.7 4.7 sles rhelubuntu ubuntu oracle 10y ago Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.
CVE-2016-0642 medium 4.7 4.7 sles rhelsuse suse oraclesusemariadb 10y ago Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CVE-2015-7802 medium 5.5 5.5 FIX ubuntu ubuntudebian debian optipng_project 10y ago gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
CVE-2015-7801 high 8.8 8.8 FIX ubuntu ubuntudebian debian optipng_project 10y ago Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
CVE-2014-9765 high 8.8 8.8 FIX debian debianubuntu ubuntususe suse xdelta 10y ago Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
CVE-2016-3941 medium 5.5 5.5 FIX ubuntu ubuntudebian debian videolan 10y ago Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, rela…
CVE-2016-1655 high 8.8 8.8 debian debianubuntu ubuntususe suse google 10y ago Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or pos…
CVE-2016-1654 medium 6.5 6.5 debian debianubuntu ubuntususe suse google 10y ago The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk…
CVE-2016-1653 high 8.8 8.8 debian debianubuntu ubuntususe suse google 10y ago The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecifie…
CVE-2016-3961 medium 5.5 5.5 FIX debian debianubuntu ubuntu 10y ago Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to…
CVE-2015-5247 medium 6.5 6.5 FIX debian debianubuntu ubuntu redhat 10y ago The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl…
CVE-2011-4600 medium 5.9 5.9 FIX debian debianubuntu ubuntu redhat 10y ago The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow rem…
CVE-2015-8560 high 7.3 7.3 FIX debian debianubuntu ubuntu linuxfoundation 10y ago Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a …
CVE-2016-0739 medium 5.9 5.9 FIX slesdebian debianubuntu ubuntu libssh 10y ago libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-i…
CVE-2015-3146 high 7.5 7.5 FIX debian debianubuntu ubuntufedora fedora libssh 10y ago The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (…
CVE-2016-3982 high 8.8 8.8 FIX suse suseubuntu ubuntudebian debian optipng_project 10y ago Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly e…
CVE-2016-3981 high 7.8 7.8 FIX ubuntu ubuntudebian debian optipng_project 10y ago Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or p…
CVE-2016-2191 medium 6.5 6.5 FIX suse suseubuntu ubuntudebian debian optipng 10y ago The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a craf…
CVE-2015-8552 medium 4.4 4.4 FIX debian debianubuntu ubuntu 10y ago The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag…
CVE-2016-2116 medium 5.7 5.7 FIX slesarch archubuntu ubuntu jasper_project 10y ago Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG…
CVE-2016-1577 high 7.6 7.6 FIX slesarch archubuntu ubuntu jasper_project 10y ago Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cr…
CVE-2016-2118 high 7.5 7.5 FIX slesubuntu ubuntudebian debian samba 10y ago The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers …
CVE-2016-3157 high 7.8 7.8 FIX debian debianubuntu ubuntu 10y ago The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…
CVE-2016-2857 high 8.4 8.4 FIX slesubuntu ubuntudebian debian qemuredhat 10y ago The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-2381 high 7.5 7.5 FIX slessuse suseubuntu ubuntu perloracle 10y ago Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVE-2016-2510 high 8.1 8.1 FIX slesdebian debianubuntu ubuntu beanshell 10y ago Improper Input Validation in BeanShell
CVE-2016-2858 medium 6.5 6.5 FIX slesubuntu ubuntudebian debian qemu 10y ago QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbit…
CVE-2016-3947 high 8.2 8.2 FIX slesubuntu ubuntudebian debian squid-cache 10y ago Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performan…
CVE-2016-3679 high 8.8 8.8 suse suseubuntu ubuntu google 10y ago Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unkn…
CVE-2016-1649 high 8.8 8.8 suse suseubuntu ubuntudebian debian google 10y ago The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attacker…
CVE-2016-1647 high 8.8 8.8 suse suseubuntu ubuntudebian debian google 10y ago Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.26…
CVE-2016-1762 high 8.1 8.1 FIX debian debianmacos macosubuntu ubuntu applexmlsoftmcafee 10y ago The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2856 high 8.4 9.4 EXPFIX debian debianubuntu ubuntu gnu 10y ago pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc pack…
CVE-2015-7560 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu samba 10y ago The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by usi…
CVE-2016-1286 high 8.6 8.6 FIX slesdebian debianubuntu ubuntu iscsusejuniper 10y ago named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME r…
CVE-2016-1285 medium 6.8 6.8 FIX slesdebian debiansuse suse iscsusejuniper 10y ago named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service …
CVE-2016-2774 medium 5.9 5.9 FIX slesdebian debianubuntu ubuntu isc 10y ago ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertio…
CVE-2016-0797 high 7.5 7.5 FIX debian debianubuntu ubuntu opensslnodejs 10y ago Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly …
CVE-2016-0702 medium 5.1 5.1 FIX debian debianubuntu ubuntu opensslnodejs 10y ago The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiati…
CVE-2016-0763 medium 6.3 6.3 FIX debian debianubuntu ubuntu apache 10y ago The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink…