Total
4161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1229 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | |||||
| CVE-2015-3747 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2014-3689 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 7.2 HIGH | N/A |
| The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | |||||
| CVE-2015-3741 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2016-7162 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | |||||
| CVE-2015-8035 | 4 Apple, Canonical, Debian and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2025-04-12 | 2.6 LOW | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | |||||
| CVE-2015-3279 | 3 Canonical, Debian, Linuxfoundation | 3 Ubuntu Linux, Debian Linux, Cups-filters | 2025-04-12 | 7.5 HIGH | N/A |
| Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-8502 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. | |||||
| CVE-2016-1649 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. | |||||
| CVE-2016-5439 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | |||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | |||||
| CVE-2014-0452 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. | |||||
| CVE-2015-0408 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | |||||
| CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | 4.6 MEDIUM | N/A |
| The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-0668 | 6 Canonical, Debian, Mariadb and 3 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2025-04-12 | 1.7 LOW | 4.1 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. | |||||
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-4579 | 3 Canonical, Gnupg, Opensuse | 3 Ubuntu Linux, Libksba, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | |||||
| CVE-2015-3146 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | |||||
| CVE-2015-8872 | 3 Canonical, Dosfstools Project, Opensuse | 4 Ubuntu Linux, Dosfstools, Leap and 1 more | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | |||||
| CVE-2016-0763 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. | |||||