Total: 6831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2000-1221 | 3 Debian, Redhat, Sgi | 3 Debian Linux, Linux, Irix | 2017-07-11 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP. | |||||
| CVE-2003-0618 | 2 Debian, Perl | 2 Debian Linux, Suidperl | 2017-07-11 | 2.1 LOW | N/A |
| Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. | |||||
| CVE-2003-0648 | 2 Debian, Fte | 2 Debian Linux, Fte Text Editor | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. | |||||
| CVE-2016-9189 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | |||||
| CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | |||||
| CVE-2014-9762 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. | |||||
| CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2017-07-01 | 7.5 HIGH | N/A |
| default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2014-9763 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. | |||||
| CVE-2015-7511 | 3 Canonical, Debian, Gnupg | 3 Ubuntu Linux, Debian Linux, Libgcrypt | 2017-07-01 | 1.9 LOW | 2.0 LOW |
| Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. | |||||
| CVE-2016-2194 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | |||||
| CVE-2014-9764 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2017-07-01 | 5.0 MEDIUM | N/A |
| The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | |||||
| CVE-2016-2195 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-2533 | 3 Debian, Python, Python Imaging Project | 3 Debian Linux, Pillow, Python Imaging | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | |||||
| CVE-2016-3105 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||||
| CVE-2015-2782 | 3 Arj Software, Debian, Fedoraproject | 3 Arj Archiver, Debian Linux, Fedora | 2017-07-01 | 7.5 HIGH | N/A |
| Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | |||||
| CVE-2015-4651 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2017-07-01 | 5.0 MEDIUM | N/A |
| The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2015-3417 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2017-07-01 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. | |||||
| CVE-2015-3202 | 2 Debian, Fuse Project | 2 Debian Linux, Fuse | 2017-07-01 | 3.6 LOW | N/A |
| fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. | |||||
| CVE-2016-5108 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | |||||
| CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | |||||
| CVE-2014-8738 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2017-07-01 | 5.0 MEDIUM | N/A |
| The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. | |||||
| CVE-2013-4243 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-07-01 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. | |||||
| CVE-2015-8949 | 2 Dbd-mysql Project, Debian | 2 Dbd-mysql, Debian Linux | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | |||||
| CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2017-07-01 | 5.0 MEDIUM | N/A |
| iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||
| CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2017-07-01 | 4.6 MEDIUM | 6.8 MEDIUM |
| Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||||
| CVE-2016-0766 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2017-07-01 | 9.0 HIGH | 8.8 HIGH |
| PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. | |||||
| CVE-2016-2326 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. | |||||
| CVE-2016-1523 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox Esr and 2 more | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. | |||||
| CVE-2016-1522 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox Esr and 2 more | 2017-07-01 | 9.3 HIGH | 8.8 HIGH |
| Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. | |||||
| CVE-2015-5214 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2017-07-01 | 6.8 MEDIUM | N/A |
| LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. | |||||
| CVE-2015-5213 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2017-07-01 | 6.8 MEDIUM | N/A |
| Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. | |||||
| CVE-2016-4324 | 3 Canonical, Debian, Libreoffice | 3 Ubuntu Linux, Debian Linux, Libreoffice | 2017-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | |||||
| CVE-2015-1821 | 2 Debian, Tuxfamily | 2 Debian Linux, Chrony | 2017-07-01 | 6.5 MEDIUM | N/A |
| Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. | |||||
| CVE-2016-0740 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |||||
| CVE-2016-0775 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |||||
| CVE-2016-1521 | 4 Debian, Fedoraproject, Mozilla and 1 more | 6 Debian Linux, Fedora, Firefox and 3 more | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | |||||
| CVE-2015-1822 | 2 Debian, Tuxfamily | 2 Debian Linux, Chrony | 2017-07-01 | 6.5 MEDIUM | N/A |
| chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. | |||||
| CVE-2015-4652 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-01 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. | |||||
| CVE-2013-4232 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-06-30 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. | |||||
| CVE-2016-7551 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2017-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | |||||
| CVE-2012-6697 | 2 Debian, Inspire Ircd | 2 Debian Linux, Inspircd | 2017-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2016-5322 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-04-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
| CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy allows remote attackers to execute arbitrary commands. | |||||
| CVE-2016-2365 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | |||||
| CVE-2016-2368 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 7.5 HIGH | 8.1 HIGH |
| Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. | |||||
| CVE-2016-2367 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 3.5 LOW | 5.9 MEDIUM |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | |||||
| CVE-2016-2366 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | |||||
