Total
224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0274 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. | |||||
CVE-2015-0224 | 1 Apache | 1 Qpid | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. | |||||
CVE-2015-1827 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2023-02-12 | 5.0 MEDIUM | N/A |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. | |||||
CVE-2016-7117 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-01-19 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | |||||
CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2022-12-02 | 3.6 LOW | 4.4 MEDIUM |
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2022-08-17 | 10.0 HIGH | N/A |
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||||
CVE-2016-1548 | 1 Ntp | 1 Ntp | 2021-11-17 | 6.4 MEDIUM | 7.2 HIGH |
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. | |||||
CVE-2016-4828 | 1 Collne | 1 Welcart E-commerce | 2021-09-09 | 6.4 MEDIUM | 6.5 MEDIUM |
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | |||||
CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2021-09-08 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | |||||
CVE-2016-10081 | 1 Shutter-project | 1 Shutter | 2021-08-28 | 9.3 HIGH | 7.8 HIGH |
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | |||||
CVE-2016-0761 | 2 Cloudfoundry, Pivotal Software | 2 Garden Linux, Cloud Foundry Elastic Runtime | 2021-08-25 | 10.0 HIGH | 9.8 CRITICAL |
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. | |||||
CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | |||||
CVE-2015-7979 | 1 Ntp | 1 Ntp | 2021-04-15 | 5.0 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | |||||
CVE-2014-6053 | 3 Canonical, Debian, Libvncserver | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2020-10-23 | 5.0 MEDIUM | N/A |
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | |||||
CVE-2016-1000340 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-java-crytography-api | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | |||||
CVE-2016-2510 | 3 Beanshell, Canonical, Debian | 3 Beanshell, Ubuntu Linux, Debian Linux | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. | |||||
CVE-2019-0014 | 1 Juniper | 17 Junos, Ptx1000, Ptx10002 and 14 more | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100. | |||||
CVE-2014-8826 | 1 Apple | 1 Mac Os X | 2020-07-17 | 5.0 MEDIUM | N/A |
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||||
CVE-2019-0817 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. | |||||
CVE-2015-8985 | 1 Gnu | 1 Glibc | 2020-03-31 | 4.3 MEDIUM | 5.9 MEDIUM |
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. |