VIR Vulnerability Intelligence Relay

Search

Found 244 results in 75ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-17571 critical 9.8 9.8 FIX debian debian slesubuntu ubuntu apachenetapporacle 7y ago Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ga…
CVE-2019-11068 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu xmlsoftoraclenetapp 7y ago RHSA-2020:4464: libxslt security update (Moderate)
CVE-2017-17499 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-17480 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu uclouvain 9y ago In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv…
CVE-2017-14746 critical 9.8 9.8 FIX arch arch slesdebian debian samba 9y ago Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVE-2017-16845 critical 10.0 10.0 FIX slesdebian debianubuntu ubuntu qemu 9y ago hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-16548 critical 9.8 9.8 FIX arch arch slesdebian debian samba 9y ago The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (…
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-0903 critical 9.8 9.8 FIX slesubuntu ubuntudebian debian rubygems 9y ago RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted…
CVE-2017-15032 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-14491 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleyssusenvidia 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-14493 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2017-14492 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVE-2017-14632 critical 9.8 9.8 FIX arch arch slesdebian debian xiph.org 9y ago Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 5501…
CVE-2017-14626 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14625 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14624 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14532 critical 9.8 9.8 FIX debian debianubuntu ubuntu imagemagick 9y ago ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14064 critical 9.8 9.8 slesdebian debian rhel ruby-lang 9y ago Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which …
CVE-2017-13139 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2016-5018 critical 9.1 9.1 slesdebian debian rhel apachenetappredhat 9y ago Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
CVE-2017-12762 critical 9.8 9.8 FIX slesdebian debian linux-kernel 9y ago In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux …
CVE-2016-9843 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-9058 critical 9.8 9.8 FIX arch archdebian debianubuntu ubuntu ytnef_project 9y ago In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
CVE-2017-6519 critical 9.1 9.1 FIX debian debian slesubuntu ubuntu avahi 9y ago avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (tra…
CVE-2017-5897 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu 9y ago The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds …
CVE-2014-9847 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu opensuse_projectimagemagick 9y ago The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVE-2014-9846 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu suseimagemagick 9y ago Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVE-2014-9843 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2014-9841 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
CVE-2015-8768 critical 9.8 9.8 ubuntu ubuntu click_project 9y ago click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges…
CVE-2016-2148 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu busybox 9y ago Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
CVE-2016-2090 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu freedesktop 10y ago Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVE-2016-9013 critical 9.8 9.8 FIX slesarch archubuntu ubuntu djangoproject 10y ago Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it eas…
CVE-2016-7117 critical 9.8 9.8 FIX slesdebian debian linux-kernel 10y ago Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system …
CVE-2016-5180 critical 9.8 9.8 FIX slesdebian debianarch arch c-aresc-ares_projectnodejs 10y ago Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code …
CVE-2016-3955 critical 9.8 9.8 FIX slesdebian debian linux-kernel 10y ago The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecif…
CVE-2016-5118 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu graphicsmagicksuseimagemagick 10y ago The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-8866 critical 9.6 9.6 slesubuntu ubuntususe suse php 10y ago ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att…
CVE-2016-1580 critical 9.8 9.8 ubuntu ubuntu canonical 10y ago The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to ob…
CVE-2016-1578 critical 9.8 9.8 ubuntu ubuntu oxide_project 10y ago Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously t…
CVE-2015-8812 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu 10y ago drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service …
CVE-2016-4002 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu qemu 10y ago Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory cor…
CVE-2016-3074 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse libgdphp 10y ago Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g…
CVE-2015-8779 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib…
CVE-2015-8778 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu gnususe 10y ago Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s…
CVE-2015-8776 critical 9.1 9.1 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive informatio…
CVE-2014-9761 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbi…
CVE-2016-1659 critical 9.8 9.8 debian debianubuntu ubuntususe suse google 10y ago Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-7545 critical 9.8 9.8 FIX slesdebian debiansuse suse git_projectredhat 10y ago The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot…
CVE-2014-9766 critical 9.8 9.8 FIX slesubuntu ubuntudebian debian pixman 10y ago Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…
CVE-2016-0705 critical 9.8 9.8 FIX debian debianubuntu ubuntu oracleopenssl 10y ago Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory…
CVE-2015-8805 critical 9.8 9.8 FIX debian debianubuntu ubuntususe suse nettle_project 10y ago The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo…
CVE-2015-8804 critical 9.8 9.8 FIX ubuntu ubuntususe susedebian debian nettle_project 10y ago x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to…
CVE-2015-8803 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu nettle_project 10y ago The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo…
CVE-2016-0746 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu f5applenginx 10y ago Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspeci…
CVE-2016-0494 critical 10.0 FIX slesdebian debianubuntu ubuntu oracle 11y ago Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity…
CVE-2016-0483 critical 10.0 FIX slesubuntu ubuntudebian debian oracle 11y ago Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vector…
CVE-2015-8557 critical 9.0 9.0 FIX ubuntu ubuntudebian debian pygments 11y ago The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
CVE-2015-8104 critical 10.0 10.0 FIX debian debianubuntu ubuntu linux-kernel oracle 11y ago The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) excepti…
CVE-2015-4493 critical 9.3 ubuntu ubuntususe suse mozilla 11y ago Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute ar…
CVE-2015-4486 critical 10.0 FIX debian debianubuntu ubuntususe suse mozilla 11y ago The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds…
CVE-2015-4485 critical 10.0 FIX debian debianubuntu ubuntususe suse mozilla 11y ago Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malfo…
CVE-2015-4480 critical 9.3 ubuntu ubuntususe suse mozilla 11y ago Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code …
CVE-2015-4479 critical 10.0 ubuntu ubuntususe suse mozilla 11y ago Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video …
CVE-2015-4477 critical 10.0 ubuntu ubuntususe suse mozilla 11y ago Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
CVE-2015-4474 critical 10.0 ubuntu ubuntususe suse mozilla 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2015-4473 critical 10.0 slesubuntu ubuntudebian debian mozilla 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2015-2740 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remot…
CVE-2015-2739 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has …
CVE-2015-2738 critical 10.0 ubuntu ubuntudebian debiansuse suse mozilla 11y ago The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1…
CVE-2015-2737 critical 10.0 ubuntu ubuntudebian debiansuse suse mozilla 11y ago The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from …
CVE-2015-2736 critical 9.3 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which all…
CVE-2015-2735 critical 9.3 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to …
CVE-2015-2734 critical 10.0 ubuntu ubuntudebian debiansuse suse mozilla 11y ago The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 r…
CVE-2015-2724 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillanovell 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cau…
CVE-2015-4002 critical 9.0 FIX debian debian linux-kernelsuse suse 11y ago drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a d…
CVE-2015-3331 critical 9.3 FIX debian debian linux-kernelubuntu ubuntu 11y ago The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows co…
CVE-2015-3408 critical 10.0 FIX debian debianubuntu ubuntu module-signature_project 11y ago Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVE-2015-3144 critical 9.0 FIX debian debianubuntu ubuntu oraclehaxx 11y ago The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and c…
CVE-2015-2806 critical 10.0 FIX debian debianubuntu ubuntufedora fedora gnu 11y ago Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-1421 critical 10.0 FIX debian debian linux-kernelubuntu ubuntu 11y ago Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and pani…
CVE-2015-0240 critical 10.0 EXPFIX rhelubuntu ubuntususe suse samba 11y ago The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized st…
CVE-2015-0408 critical 10.0 FIX ubuntu ubuntususe susedebian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
CVE-2015-0395 critical 9.3 FIX ubuntu ubuntususe susedebian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2014-6601 critical 10.0 FIX ubuntu ubuntususe susedebian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2014-0247 critical 10.0 FIX debian debiansuse susefedora fedora libreoffice 12y ago LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
CVE-2012-1166 critical 10.0 ubuntu ubuntu canonical 12y ago The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
CVE-2014-2405 critical 10.0 ubuntu ubuntudebian debian oracle 12y ago Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.
CVE-2014-0462 critical 10.0 ubuntu ubuntudebian debian oracle 12y ago Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
CVE-2014-1532 critical 9.8 9.8 ubuntu ubuntudebian debian rhel mozilla 12y ago Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonk…
CVE-2014-1528 critical 10.0 ubuntu ubuntususe susefedora fedora mozilla 12y ago The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of ser…
CVE-2014-1525 critical 9.3 ubuntu ubuntususe susefedora fedora mozilla 12y ago The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remot…
CVE-2014-1524 critical 9.8 9.8 ubuntu ubuntudebian debian rhel mozilla 12y ago The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether obj…
CVE-2014-1522 critical 9.3 ubuntu ubuntususe susefedora fedora mozilla 12y ago The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or…
CVE-2014-1519 critical 9.3 ubuntu ubuntususe susefedora fedora mozilla 12y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and applicat…
CVE-2014-0187 critical 9.0 FIX debian debianubuntu ubuntususe suse openstack 12y ago The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s…
CVE-2014-0474 critical 10.0 FIX ubuntu ubuntudebian debian djangoproject 12y ago The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not proper…