Total
9134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0546 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name. | |||||
| CVE-2016-0742 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | |||||
| CVE-2015-4815 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | |||||
| CVE-2016-9189 | 2 Debian, Python | 2 Debian Linux, Pillow | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | |||||
| CVE-2014-3168 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. | |||||
| CVE-2014-9636 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. | |||||
| CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||||
| CVE-2015-7540 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. | |||||
| CVE-2015-1421 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. | |||||
| CVE-2015-1261 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. | |||||
| CVE-2015-4047 | 5 Canonical, Debian, F5 and 2 more | 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more | 2025-04-12 | 7.8 HIGH | N/A |
| racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | |||||
| CVE-2016-0718 | 9 Apple, Canonical, Debian and 6 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||||
| CVE-2015-1241 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | |||||
| CVE-2015-8767 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 4.9 MEDIUM | 6.2 MEDIUM |
| net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | |||||
| CVE-2016-7143 | 2 Charybdis Project, Debian | 2 Charybdis, Debian Linux | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2015-0381 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | |||||
| CVE-2016-4439 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. | |||||
| CVE-2014-8158 | 4 Debian, Jasper Project, Opensuse and 1 more | 4 Debian Linux, Jasper, Opensuse and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | |||||
| CVE-2014-4260 | 4 Debian, Mariadb, Oracle and 1 more | 8 Debian Linux, Mariadb, Mysql and 5 more | 2025-04-12 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. | |||||
| CVE-2016-0706 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. | |||||