VIR Vulnerability Intelligence Relay

Search

Found 64 results in 92ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-3476 medium 6.0 FIX debian debian openstacksuse 4y ago OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b…
CVE-2017-15638 medium 6.5 6.5 slessuse suse suse 9y ago The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and S…
CVE-2017-14491 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleyssusenvidia 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-14621 medium 5.4 5.4 sles suse 9y ago Portus 2.2.0 has XSS via the Team field, related to typeahead.
CVE-2014-9846 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu suseimagemagick 9y ago Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVE-2014-9845 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu suseimagemagick 9y ago The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVE-2014-9844 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu suseimagemagick 9y ago The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2014-9853 medium 5.5 5.5 FIX slesdebian debianubuntu ubuntu imagemagicksuse 9y ago Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2016-2318 medium 5.5 5.5 FIX debian debiansuse suse graphicsmagicksuse 10y ago GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartEle…
CVE-2016-2317 medium 5.5 5.5 FIX slesdebian debiansuse suse graphicsmagicksuse 10y ago Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) G…
CVE-2015-7976 medium 4.3 4.3 FIX slesdebian debiansuse suse ntpsuse 10y ago The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a c…
CVE-2016-5772 critical 9.8 9.8 slesdebian debiansuse suse phpsuse 10y ago Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a deni…
CVE-2015-8808 medium 5.5 5.5 FIX slesdebian debianfedora fedora graphicsmagicksuse 10y ago The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
CVE-2016-4956 medium 5.3 5.3 FIX slessuse susedebian debian ntpsuse 10y ago ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists beca…
CVE-2016-4955 medium 5.9 5.9 FIX slessuse susedebian debian ntpsuse 10y ago ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packe…
CVE-2016-5118 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu graphicsmagicksuseimagemagick 10y ago The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-0264 medium 5.6 5.6 sles rhelsuse suse ibmredhatsuse 10y ago Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP…
CVE-2016-3951 medium 4.6 4.6 FIX slesdebian debiansuse suse novellsuse 10y ago Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified ot…
CVE-2016-2782 medium 4.6 5.6 EXPFIX debian debiansuse suse linux-kernel suse 10y ago The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or…
CVE-2015-8845 medium 5.5 5.5 FIX slesdebian debiansuse suse suse 10y ago The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim c…
CVE-2016-0651 medium 5.5 5.5 slessuse suse rhel oraclemariadbsuse 10y ago Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CVE-2016-0642 medium 4.7 4.7 sles rhelsuse suse oraclesusemariadb 10y ago Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CVE-2015-8779 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib…
CVE-2015-8778 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu gnususe 10y ago Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s…
CVE-2015-8776 critical 9.1 9.1 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive informatio…
CVE-2014-9761 critical 9.8 9.8 FIX debian debianfedora fedoraubuntu ubuntu susegnu 10y ago Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbi…
CVE-2016-2324 critical 9.8 9.8 FIX slesdebian debiansuse suse susegit-scm 10y ago Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVE-2016-2315 critical 9.8 9.8 FIX debian debiansuse suse susegit-scm 10y ago revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based b…
CVE-2016-1285 medium 6.8 6.8 FIX slesdebian debiansuse suse iscsusejuniper 10y ago named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service …
CVE-2015-0272 medium 5.0 FIX debian debianubuntu ubuntususe suse gnomesuse 11y ago GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability tha…
CVE-2015-1781 medium 6.8 FIX debian debiansuse suseubuntu ubuntu susegnu 11y ago Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash…
CVE-2015-5165 critical 9.3 FIX sles rheldebian debian suseredhat 11y ago The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-1283 medium 6.8 FIX slesdebian debianubuntu ubuntu googlelibexpat_projectpython 11y ago Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (…
CVE-2015-0500 medium 4.0 suse suse oraclesuse 11y ago Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVE-2015-0439 medium 4.0 suse suse suseoracle 11y ago Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability …
CVE-2014-3654 medium 4.3 suse suse redhatsuse 12y ago Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML …
CVE-2014-3595 medium 4.3 suse suse redhatsuse 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-3601 medium 4.3 FIX suse suseubuntu ubuntu linux-kernel suse 12y ago The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) …
CVE-2013-1864 medium 4.3 opalvoipekigasuse 12y ago The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of ser…
CVE-2011-4193 medium 4.3 suse 12y ago Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbi…
CVE-2014-1514 critical 9.8 9.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a …
CVE-2014-1512 critical 10.0 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows r…
CVE-2014-1511 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2014-1510 critical 9.8 10.0 EXP ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript cod…
CVE-2014-1508 critical 9.1 9.1 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive…
CVE-2014-1496 medium 5.5 5.5 suse suse mozillasuse 12y ago Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during…
CVE-2014-1493 critical 9.8 9.8 ubuntu ubuntudebian debiansuse suse mozillasuse 12y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to c…
CVE-2013-3712 critical 10.0 suse 12y ago SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
CVE-2013-4415 medium 4.3 redhatsuse 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variab…
CVE-2014-1486 critical 9.8 9.8 fedora fedorasuse suse rhel mozillasuse 13y ago Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers t…
CVE-2014-1483 medium 5.0 suse suseubuntu ubuntu mozillasuse 13y ago Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain t…
CVE-2014-1477 critical 9.8 9.8 rhelubuntu ubuntudebian debian mozillasuse 13y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to c…
CVE-2013-4458 medium 5.0 FIX debian debiansuse suse gnususe 13y ago Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (cra…
CVE-2013-6673 medium 5.9 5.9 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it e…
CVE-2013-6671 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary…
CVE-2013-5618 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunder…
CVE-2013-5616 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.2…
CVE-2013-5615 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions o…
CVE-2013-5613 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows …
CVE-2013-5609 critical 9.8 9.8 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to c…
CVE-2013-4419 medium 6.8 FIX slesdebian debiansuse suse libguestfssuse 13y ago The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary …
CVE-2012-0435 medium 5.8 suse 14y ago SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
CVE-2011-4315 medium 6.8 FIX fedora fedoradebian debian f5susenginx 15y ago Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspeci…