VIR Vulnerability Intelligence Relay

Search

Found 63 results in 40ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31431 high 7.8 10.0 KEVEXPFIX rhelarch arch sles redhatsusearista 1mo ago Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
CVE-2017-14491 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleyssusenvidia 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2015-5300 high 7.5 7.5 FIX rhelubuntu ubuntufedora fedora susentp 9y ago The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to…
CVE-2015-5219 high 7.5 7.5 FIX rhelubuntu ubuntufedora fedora susentp 9y ago The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infin…
CVE-2015-5194 high 7.5 7.5 FIX slesdebian debian rhel susentp 9y ago The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVE-2015-8567 high 7.7 7.7 FIX slesdebian debianubuntu ubuntu qemususe 9y ago Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2017-7297 high 8.8 8.8 suse 9y ago Rancher Access Control Vulnerability in github.com/rancher/rancher
CVE-2014-9846 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu suseimagemagick 9y ago Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVE-2016-5772 critical 9.8 9.8 slesdebian debiansuse suse phpsuse 10y ago Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a deni…
CVE-2016-4957 high 7.5 7.5 FIX slessuse susedebian debian ntpsuse 10y ago ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
CVE-2016-4954 high 7.5 7.5 FIX slessuse susedebian debian ntpsuse 10y ago The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many sou…
CVE-2016-4953 high 7.5 7.5 FIX slessuse susedebian debian ntpsuse 10y ago ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at…
CVE-2016-5244 high 7.5 7.5 FIX slesdebian debian rhel suse 10y ago The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from k…
CVE-2016-5118 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu graphicsmagicksuseimagemagick 10y ago The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-8779 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib…
CVE-2015-8778 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu gnususe 10y ago Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s…
CVE-2015-8776 critical 9.1 9.1 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive informatio…
CVE-2014-9761 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbi…
CVE-2016-3630 high 8.8 8.8 FIX slesdebian debiansuse suse mercurialsuse 10y ago The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b…
CVE-2016-3069 high 8.8 8.8 FIX slesdebian debiansuse suse mercurialsuse 10y ago Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3068 high 8.8 8.8 FIX slesdebian debiansuse suse mercurialsuse 10y ago Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-2324 critical 9.8 9.8 FIX slesdebian debiansuse suse susegit-scm 10y ago Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVE-2016-2315 critical 9.8 9.8 FIX debian debiansuse suse susegit-scm 10y ago revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based b…
CVE-2016-1286 high 8.6 8.6 FIX slesdebian debianubuntu ubuntu iscsusejuniper 10y ago named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME r…
CVE-2015-7547 high 8.1 9.1 EXPFIX debian debianubuntu ubuntususe suse hpsophossuse 10y ago Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den…
CVE-2015-5165 critical 9.3 FIX sles rheldebian debian suseredhat 11y ago The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5154 high 7.2 FIX suse susefedora fedoradebian debian suseqemu 11y ago Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host…
CVE-2015-3209 high 7.5 FIX ubuntu ubuntudebian debian rhel qemujuniperredhat 11y ago Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_…
CVE-2014-8162 high 7.5 redhatsuse 11y ago XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified imp…
CVE-2015-0778 high 7.5 FIX fedora fedorasuse susedebian debian suse 11y ago osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
CVE-2011-4195 high 7.5 suse 12y ago kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
CVE-2011-4192 high 7.5 suse 12y ago kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double q…
CVE-2011-3180 high 7.5 suse 12y ago kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
CVE-2014-1514 critical 9.8 9.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a …
CVE-2014-1513 high 8.8 8.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayB…
CVE-2014-1512 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows r…
CVE-2014-1511 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2014-1510 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript cod…
CVE-2014-1509 high 8.8 8.8 ubuntu ubuntususe suse rhel mozillasuse 12y ago Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allow…
CVE-2014-1508 critical 9.1 9.1 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive…
CVE-2014-1497 high 8.8 8.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain se…
CVE-2014-1493 critical 9.8 9.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to c…
CVE-2013-3712 critical 10.0 suse 12y ago SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
CVE-2014-1487 high 7.5 7.5 suse suse rhelubuntu ubuntu mozillasuse 13y ago The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Polic…
CVE-2014-1486 critical 9.8 9.8 fedora fedorasuse suse rhel mozillasuse 13y ago Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers t…
CVE-2014-1482 high 8.8 8.8 suse suse rhelubuntu ubuntu mozillasuse 13y ago RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attacke…
CVE-2014-1481 high 7.5 7.5 suse suse rhelubuntu ubuntu mozillasuse 13y ago Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging in…
CVE-2014-1479 high 7.5 7.5 suse suse rhelubuntu ubuntu mozillasuse 13y ago The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operatio…
CVE-2014-1477 critical 9.8 9.8 rhelubuntu ubuntudebian debian mozillasuse 13y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to c…
CVE-2013-3709 high 7.2 novellsuse 13y ago WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
CVE-2013-6671 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary…
CVE-2013-5618 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunder…
CVE-2013-5616 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.2…
CVE-2013-5615 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions o…
CVE-2013-5613 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows …
CVE-2013-5609 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to c…
CVE-2013-4547 high 8.5 EXPFIX debian debiansuse suse f5susenginx 13y ago nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
CVE-2013-4480 high 7.5 redhatsuse 13y ago Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-4854 high 7.8 FIX debian debian rhelsuse suse iscsuse 13y ago The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remo…
CVE-2012-5830 high 8.8 8.8 macos macosubuntu ubuntususe suse mozillasuse 14y ago Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allow…
CVE-2011-2660 high 7.5 FIX suse susedebian debian suse 15y ago The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain …