Total
4112 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1512 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. | |||||
CVE-2014-8502 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. | |||||
CVE-2015-1238 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-3565 | 3 Apple, Canonical, Net-snmp | 3 Mac Os X, Ubuntu Linux, Net-snmp | 2023-12-10 | 5.0 MEDIUM | N/A |
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. | |||||
CVE-2014-3618 | 2 Canonical, Procmail | 2 Ubuntu Linux, Procmail | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." | |||||
CVE-2014-1511 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | |||||
CVE-2013-4544 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2023-12-10 | 4.9 MEDIUM | N/A |
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. | |||||
CVE-2015-3144 | 4 Canonical, Debian, Haxx and 1 more | 5 Ubuntu Linux, Debian Linux, Curl and 2 more | 2023-12-10 | 9.0 HIGH | N/A |
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." | |||||
CVE-2011-3152 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2023-12-10 | 6.4 MEDIUM | N/A |
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. | |||||
CVE-2015-0250 | 3 Apache, Canonical, Redhat | 3 Batik, Ubuntu Linux, Jboss Enterprise Brms Platform | 2023-12-10 | 6.4 MEDIUM | N/A |
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | |||||
CVE-2014-2398 | 5 Canonical, Debian, Ibm and 2 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | |||||
CVE-2014-0460 | 4 Canonical, Debian, Juniper and 1 more | 6 Ubuntu Linux, Debian Linux, Junos Space and 3 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. | |||||
CVE-2015-0812 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. | |||||
CVE-2014-7943 | 5 Canonical, Chromium, Google and 2 more | 8 Ubuntu Linux, Chromium, Chrome and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2014-7230 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Cinder, Nova and 2 more | 2023-12-10 | 2.1 LOW | N/A |
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | |||||
CVE-2014-1532 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | |||||
CVE-2015-0240 | 4 Canonical, Novell, Redhat and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. | |||||
CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | |||||
CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.4 MEDIUM | N/A |
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
CVE-2014-0473 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2023-12-10 | 5.0 MEDIUM | N/A |
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. |