Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Linux
Total 225 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4792 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 1.7 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
CVE-2015-8386 4 Fedoraproject, Oracle, Pcre and 1 more 4 Fedora, Linux, Perl Compatible Regular Expression Library and 1 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8385 2 Oracle, Pcre 2 Linux, Perl Compatible Regular Expression Library 2025-04-12 7.5 HIGH N/A
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2013-5704 5 Apache, Apple, Canonical and 2 more 16 Http Server, Mac Os X, Mac Os X Server and 13 more 2025-04-12 5.0 MEDIUM N/A
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
CVE-2014-3487 5 Debian, File Project, Opensuse and 2 more 5 Debian Linux, File, Opensuse and 2 more 2025-04-12 4.3 MEDIUM N/A
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2016-1714 3 Oracle, Qemu, Redhat 3 Linux, Qemu, Openstack 2025-04-12 6.9 MEDIUM 8.1 HIGH
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
CVE-2016-3715 6 Canonical, Imagemagick, Opensuse and 3 more 30 Ubuntu Linux, Imagemagick, Leap and 27 more 2025-04-12 5.8 MEDIUM 5.5 MEDIUM
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3521 5 Canonical, Debian, Ibm and 2 more 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more 2025-04-12 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-6197 2 Linux, Oracle 3 Linux Kernel, Linux, Vm Server 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
CVE-2016-5385 8 Debian, Drupal, Fedoraproject and 5 more 14 Debian Linux, Drupal, Fedora and 11 more 2025-04-12 5.1 MEDIUM 8.1 HIGH
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
CVE-2016-1958 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Linux 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-5118 7 Canonical, Debian, Graphicsmagick and 4 more 14 Ubuntu Linux, Debian Linux, Graphicsmagick and 11 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-0597 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2016-3615 5 Canonical, Debian, Ibm and 2 more 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more 2025-04-12 4.3 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
CVE-2016-0608 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
CVE-2016-0598 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-3500 1 Oracle 4 Jdk, Jre, Jrockit and 1 more 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
CVE-2014-9750 4 Debian, Ntp, Oracle and 1 more 6 Debian Linux, Ntp, Linux and 3 more 2025-04-12 5.8 MEDIUM N/A
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2015-4643 4 Debian, Oracle, Php and 1 more 9 Debian Linux, Linux, Php and 6 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.