threat
engine
.sh
Back
·
··:··
Home
/
Product
/
suse linux enterprise server
Product
suse linux enterprise server
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-31431
all versions
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This m
7.8
HIGH
CVE-2026-25702
all versions
A Improper Access Control vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewal
7.3
HIGH
CVE-2024-46956
all versions
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead
7.8
HIGH
CVE-2024-46955
all versions
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color i
5.5
MEDIUM
CVE-2024-46953
all versions
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename fo
7.8
HIGH
CVE-2024-46951
all versions
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern colo
7.8
HIGH
CVE-2023-29552
all versions
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This coul
7.5
HIGH
CVE-2023-23005
all versions
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the e
5.5
MEDIUM
CVE-2022-45153
all versions
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15
7.0
HIGH
CVE-2022-31252
all versions
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4,
4.4
MEDIUM
CVE-2015-1931
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1
5.5
MEDIUM
CVE-2022-27239
all versions
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to loca
7.8
HIGH
CVE-2021-45082
all versions
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah
7.8
HIGH
CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8
HIGH
CVE-2002-20001
all versions
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actual
7.5
HIGH
CVE-2021-32000
all versions
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Lin
3.2
LOW
CVE-2018-10195
all versions
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata
7.1
HIGH
CVE-2020-8025
all versions
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE L
6.1
MEDIUM
CVE-2020-15707
all versions
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shi
5.7
MEDIUM
CVE-2020-15706
all versions
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered
6.4
MEDIUM
CVE-2020-15705
all versions
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects
6.4
MEDIUM
CVE-2020-6449
all versions
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-6429
all versions
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-6428
all versions
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-6427
all versions
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-6426
all versions
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap c
6.5
MEDIUM
CVE-2020-6424
all versions
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-6422
all versions
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2020-8013
all versions
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server
2.2
LOW
CVE-2019-18903
all versions
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1,
7.5
HIGH
CVE-2019-18902
all versions
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1,
7.5
HIGH
CVE-2019-18901
all versions
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterpri
5.1
MEDIUM
CVE-2019-18897
all versions
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Ent
8.4
HIGH
CVE-2014-1947
all versions
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers
7.8
HIGH
CVE-2020-8118
all versions
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a
5.0
MEDIUM
CVE-2019-15624
all versions
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
4.9
MEDIUM
CVE-2015-6815
all versions
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when send
3.5
LOW
CVE-2006-7246
all versions
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
6.8
MEDIUM
CVE-2018-20105
all versions
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap all
4.0
MEDIUM
CVE-2019-3687
all versions
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and
4.0
MEDIUM
CVE-2015-5239
all versions
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via
6.5
MEDIUM
CVE-2020-5504
all versions
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject cus
8.8
HIGH
CVE-2010-3782
all versions
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
8.8
HIGH
CVE-2013-4357
all versions
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial
7.5
HIGH
CVE-2012-6639
all versions
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2
8.8
HIGH
CVE-2016-5285
all versions
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithS
7.5
HIGH
CVE-2019-3688
all versions
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in S
5.1
MEDIUM
CVE-2019-11038
all versions
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PH
5.3
MEDIUM
CVE-2017-16232
all versions
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), a
7.5
HIGH
CVE-2018-16874
all versions
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the imp
8.1
HIGH
CVE-2018-16873
all versions
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -
8.1
HIGH
CVE-2018-19655
all versions
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products,
8.8
HIGH
CVE-2018-12122
all versions
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause
7.5
HIGH
CVE-2018-12116
all versions
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized u
7.5
HIGH
CVE-2018-19543
all versions
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper
7.8
HIGH
CVE-2018-19542
all versions
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.
6.5
MEDIUM
CVE-2018-19541
all versions
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17
8.8
HIGH
CVE-2018-19540
all versions
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17
8.8
HIGH
CVE-2018-19539
all versions
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_im
6.5
MEDIUM
CVE-2018-19208
all versions
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp th
6.5
MEDIUM
CVE-2018-19052
all versions
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traver
7.5
HIGH
CVE-2018-18873
all versions
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
5.5
MEDIUM
CVE-2018-18585
all versions
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character
4.3
MEDIUM
CVE-2018-18584
all versions
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the m
6.5
MEDIUM
CVE-2018-17962
all versions
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
7.5
HIGH
CVE-2016-1000030
all versions
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values
9.8
CRITICAL
CVE-2018-6556
all versions
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used b
3.3
LOW
CVE-2011-4190
all versions
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to vers
5.9
MEDIUM
CVE-2011-3172
< 12.0
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affe
5.4
MEDIUM
CVE-2018-7566
all versions
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a loca
7.8
HIGH
CVE-2017-14798
all versions
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their
7.3
HIGH
CVE-2017-5753
all versions
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6
MEDIUM
CVE-2017-18017
all versions
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows re
9.8
CRITICAL
CVE-2017-17806
all versions
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash
7.8
HIGH
CVE-2017-17805
all versions
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local
7.8
HIGH
CVE-2017-17558
all versions
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 d
6.6
MEDIUM
CVE-2017-15115
all versions
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is use
7.8
HIGH
CVE-2017-13088
all versions
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when p
5.3
MEDIUM
CVE-2017-13087
all versions
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a
5.3
MEDIUM
CVE-2017-13086
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDL
6.8
MEDIUM
CVE-2017-13084
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the P
6.8
MEDIUM
CVE-2017-13082
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Tempora
8.1
HIGH
CVE-2017-13081
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK)
5.3
MEDIUM
CVE-2017-13080
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowi
5.3
MEDIUM
CVE-2017-13079
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK)
5.3
MEDIUM
CVE-2017-13078
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowin
5.3
MEDIUM
CVE-2017-13077
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-
6.8
MEDIUM
CVE-2017-14491
all versions
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrar
9.8
CRITICAL
CVE-2016-5759
all versions
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into execut
7.8
HIGH
CVE-2015-3405
all versions
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big end
7.5
HIGH
CVE-2015-5300
all versions
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128
7.5
HIGH
CVE-2015-5219
all versions
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a doub
7.5
HIGH
CVE-2015-5194
all versions
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of servic
7.5
HIGH
CVE-2017-1000366
all versions
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to
7.8
HIGH
CVE-2016-9961
all versions
game-music-emu before 0.6.1 mishandles unspecified integer values.
9.8
CRITICAL
CVE-2016-9960
all versions
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
5.5
MEDIUM
CVE-2017-7995
all versions
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space me
3.8
LOW
CVE-2015-8567
all versions
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
7.7
HIGH
CVE-2016-9959
all versions
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
7.8
HIGH
CVE-2016-9958
all versions
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
7.8
HIGH
CVE-2016-9957
all versions
Stack-based buffer overflow in game-music-emu before 0.6.1.
7.8
HIGH
CVE-2015-4680
all versions
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
7.5
HIGH
CVE-2016-9398
all versions
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion
7.5
HIGH
CVE-2016-1602
all versions
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE
7.8
HIGH
CVE-2014-9851
all versions
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
7.5
HIGH
CVE-2014-9850
all versions
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
7.5
HIGH
CVE-2014-9849
all versions
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
7.5
HIGH
CVE-2014-9848
all versions
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
7.5
HIGH
CVE-2014-9847
all versions
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
9.8
CRITICAL
CVE-2014-9846
all versions
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified im
9.8
CRITICAL
CVE-2014-9845
all versions
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrup
5.5
MEDIUM
CVE-2014-9844
all versions
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-boun
5.5
MEDIUM
CVE-2014-9843
all versions
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown
9.8
CRITICAL
CVE-2014-9842
all versions
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of serv
7.5
HIGH
CVE-2014-9841
all versions
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown v
9.8
CRITICAL
CVE-2014-9854
all versions
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "
7.5
HIGH
CVE-2014-9853
all versions
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted
5.5
MEDIUM
CVE-2014-9852
all versions
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecifie
9.8
CRITICAL
CVE-2017-5898
all versions
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with
5.5
MEDIUM
CVE-2015-7976
all versions
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special c
4.3
MEDIUM
CVE-2016-7796
all versions
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length
5.5
MEDIUM
CVE-2015-8934
all versions
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to
5.5
MEDIUM
CVE-2015-8933
all versions
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allo
5.5
MEDIUM
CVE-2015-8932
all versions
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to
5.5
MEDIUM
CVE-2015-8931
all versions
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in li
7.8
HIGH
CVE-2015-8930
all versions
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory
7.5
HIGH
CVE-2015-8929
all versions
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attacke
5.5
MEDIUM
CVE-2015-8928
all versions
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause
5.5
MEDIUM
CVE-2015-8926
all versions
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attac
5.5
MEDIUM
CVE-2015-8925
all versions
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial
5.5
MEDIUM
CVE-2015-8924
all versions
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote att
5.5
MEDIUM
CVE-2015-8923
all versions
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote at
6.5
MEDIUM
CVE-2015-8922
all versions
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a d
5.5
MEDIUM
CVE-2015-8921
all versions
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (ou
7.5
HIGH
CVE-2015-8920
all versions
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a den
5.5
MEDIUM
CVE-2015-8919
all versions
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers
7.5
HIGH
CVE-2015-8918
all versions
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of ser
7.5
HIGH
CVE-2016-5772
all versions
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before
9.8
CRITICAL
CVE-2016-4957
all versions
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: thi
7.5
HIGH
CVE-2016-4956
all versions
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change)
5.3
MEDIUM
CVE-2016-4955
all versions
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clear
5.9
MEDIUM
CVE-2016-4954
all versions
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service
7.5
HIGH
CVE-2016-4953
all versions
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by send
7.5
HIGH
CVE-2016-4997
all versions
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel be
7.8
HIGH
CVE-2016-5244
all versions
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member,
7.5
HIGH
CVE-2016-1583
all versions
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privile
7.8
HIGH
CVE-2016-2834
all versions
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a de
8.8
HIGH
CVE-2016-2818
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow r
8.8
HIGH
CVE-2016-2815
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial
8.8
HIGH
CVE-2016-5118
all versions
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code
9.8
CRITICAL
CVE-2015-5041
all versions
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP
9.1
CRITICAL
CVE-2016-0376
all versions
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR
8.1
HIGH
CVE-2016-0363
all versions
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP
8.1
HIGH
CVE-2016-0718
all versions
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed i
9.8
CRITICAL
CVE-2016-0264
all versions
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before
5.6
MEDIUM
CVE-2016-4913
all versions
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entrie
7.8
HIGH
CVE-2016-4805
all versions
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denia
7.8
HIGH
CVE-2016-4569
all versions
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data struct
5.5
MEDIUM
CVE-2016-4486
all versions
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data stru
3.3
LOW
CVE-2016-4485
all versions
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which
7.5
HIGH
CVE-2016-4482
all versions
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data struc
6.2
MEDIUM
CVE-2016-3718
all versions
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-sid
5.5
MEDIUM
CVE-2016-3715
all versions
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a
5.5
MEDIUM
CVE-2016-3714
all versions
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and
8.4
HIGH
CVE-2016-3951
all versions
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cau
4.6
MEDIUM
CVE-2016-3689
all versions
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate a
4.6
MEDIUM
CVE-2016-3140
all versions
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate a
4.6
MEDIUM
CVE-2016-3138
all versions
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to ca
4.6
MEDIUM
CVE-2016-3137
all versions
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of servic
4.6
MEDIUM
CVE-2016-3136
all versions
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate a
4.6
MEDIUM
CVE-2016-2188
all versions
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attacker
4.6
MEDIUM
CVE-2016-2187
all versions
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to
4.6
MEDIUM
CVE-2016-2186
all versions
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attack
4.6
MEDIUM
CVE-2016-2185
all versions
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate at
4.6
MEDIUM
CVE-2016-3672
all versions
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy
7.8
HIGH
CVE-2016-3156
all versions
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to
5.5
MEDIUM
CVE-2016-3139
all versions
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers
4.6
MEDIUM
CVE-2016-3134
all versions
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gai
8.4
HIGH
CVE-2016-2847
all versions
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a de
6.2
MEDIUM
CVE-2016-2782
all versions
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cau
4.6
MEDIUM
CVE-2016-2184
all versions
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows p
4.6
MEDIUM
CVE-2015-8845
all versions
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ens
5.5
MEDIUM
CVE-2015-8816
all versions
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface da
6.8
MEDIUM
CVE-2016-3427
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8
CRITICAL
CVE-2016-0668
all versions
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x b
4.1
MEDIUM
CVE-2016-0651
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Opti
5.5
MEDIUM
CVE-2016-0642
all versions
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to aff
4.7
MEDIUM
CVE-2015-8779
all versions
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent
9.8
CRITICAL
CVE-2015-8778
all versions
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of ser
9.8
CRITICAL
CVE-2015-8776
all versions
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial o
9.1
CRITICAL
CVE-2014-9761
all versions
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to c
9.8
CRITICAL
CVE-2015-8551
all versions
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows loca
6.0
MEDIUM
CVE-2015-5969
all versions
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1
6.2
MEDIUM
CVE-2016-2324
all versions
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested
9.8
CRITICAL
CVE-2016-2315
all versions
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a
9.8
CRITICAL
CVE-2016-1645
all versions
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chr
8.8
HIGH
CVE-2016-1286
all versions
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion
8.6
HIGH
CVE-2016-1285
all versions
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply
6.8
MEDIUM
CVE-2015-7547
all versions
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (
8.1
HIGH
CVE-2015-7566
all versions
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers t
4.6
MEDIUM
CVE-2015-5006
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 befor
CVE-2015-3195
all versions
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q
5.3
MEDIUM
CVE-2015-0272
all versions
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an
CVE-2015-8126
all versions
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1
CVE-2015-2697
all versions
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated u
CVE-2015-2696
all versions
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote a
CVE-2015-2695
all versions
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows r
CVE-2015-6855
all versions
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a den
7.5
HIGH
CVE-2015-4902
all versions
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors
5.3
MEDIUM
CVE-2015-4830
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-5707
all versions
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local u
CVE-2015-1781
all versions
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 a
CVE-2015-5165
all versions
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote at
CVE-2015-5154
all versions
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive en
CVE-2015-4495
all versions
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers
8.8
HIGH
CVE-2015-1283
all versions
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and
CVE-2015-2590
all versions
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to af
9.8
CRITICAL
CVE-2015-2743
all versions
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for inter
CVE-2015-2740
all versions
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.
CVE-2015-2739
all versions
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thu
CVE-2015-2738
all versions
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox E
CVE-2015-2737
all versions
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31
CVE-2015-2736
all versions
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Th
CVE-2015-2735
all versions
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 ac
CVE-2015-2734
all versions
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR
CVE-2015-2733
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-2730
all versions
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38
CVE-2015-2728
all versions
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 a
CVE-2015-2726
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial
CVE-2015-2725
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thund
CVE-2015-2724
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x b
CVE-2015-2722
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-2721
all versions
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x
CVE-2015-0192
all versions
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, an
9.8
CRITICAL
CVE-2015-3209
all versions
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet w
CVE-2015-4106
all versions
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local
CVE-2015-4000
all versions
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly conv
3.7
LOW
CVE-2015-2716
all versions
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows
CVE-2015-2713
all versions
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbi
CVE-2015-2710
all versions
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird
CVE-2015-2709
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial
CVE-2015-2708
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thund
CVE-2015-0797
all versions
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux
CVE-2015-3340
all versions
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive inform
CVE-2015-2041
all versions
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users t
CVE-2015-2576
all versions
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows loca
CVE-2015-2575
all versions
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users t
CVE-2015-2573
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-2571
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-2568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect ava
CVE-2015-0505
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-0501
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-0500
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0499
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-0492
all versions
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, i
CVE-2015-0484
all versions
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality,
CVE-2015-0441
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-0439
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0438
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0433
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-0423
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via u
CVE-2015-0405
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via u
CVE-2015-2808
all versions
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the ini
3.7
LOW
CVE-2013-6501
all versions
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /
CVE-2014-8121
all versions
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does no
CVE-2014-8160
all versions
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling o
CVE-2015-0240
all versions
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4
CVE-2015-0432
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via v
CVE-2015-0413
all versions
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Se
CVE-2015-0412
all versions
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and
CVE-2015-0410
all versions
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java
CVE-2015-0408
all versions
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integr
CVE-2015-0400
all versions
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vec
CVE-2015-0395
all versions
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integr
CVE-2015-0391
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
CVE-2015-0383
all versions
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R
CVE-2015-0382
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
CVE-2015-0381
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
CVE-2015-0374
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to af
CVE-2014-6601
all versions
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and
CVE-2014-6568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to
CVE-2014-9585
all versions
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the
CVE-2014-9584
all versions
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value
CVE-2014-9322
all versions
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS
7.8
HIGH
CVE-2014-8134
all versions
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled settin
3.3
LOW
CVE-2014-9116
all versions
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allow
CVE-2014-7815
all versions
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_p
CVE-2014-8559
all versions
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, whi
5.5
MEDIUM
CVE-2014-8369
all versions
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during t
7.8
HIGH
CVE-2014-7826
all versions
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of th
7.8
HIGH
CVE-2014-3690
all versions
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in th
5.5
MEDIUM
CVE-2014-3687
all versions
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 al
7.5
HIGH
CVE-2014-3673
all versions
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via
7.5
HIGH
CVE-2014-3647
all versions
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows
5.5
MEDIUM
CVE-2014-3646
all versions
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instructi
5.5
MEDIUM
CVE-2014-3610
all versions
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of
5.5
MEDIUM
CVE-2014-0223
all versions
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (c
CVE-2014-0222
all versions
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of servi
CVE-2014-6564
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via v
CVE-2014-6559
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
CVE-2014-6555
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
CVE-2014-6551
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidenti
CVE-2014-6530
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
CVE-2014-6520
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via v
CVE-2014-6507
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to
CVE-2014-6505
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
CVE-2014-6496
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6495
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect ava
CVE-2014-6494
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6484
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
CVE-2014-6478
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect int
CVE-2014-6474
all versions
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via v
CVE-2014-6469
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
CVE-2014-6464
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
CVE-2014-6463
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to af
CVE-2014-4287
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to af
CVE-2014-3566
all versions
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easi
3.4
LOW
CVE-2014-8086
all versions
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause
4.7
MEDIUM
CVE-2014-7970
all versions
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations
5.5
MEDIUM
CVE-2012-6657
all versions
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associ
CVE-2014-7169
all versions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8
CRITICAL
CVE-2014-6271
all versions
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8
CRITICAL
CVE-2014-3601
all versions
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during t
CVE-2014-5077
all versions
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, al
CVE-2014-4943
all versions
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging
CVE-2014-4260
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote
CVE-2014-4258
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote au
CVE-2014-4243
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote au
CVE-2014-4214
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to af
CVE-2014-4207
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to af
CVE-2014-2494
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to af
CVE-2014-2484
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to af
CVE-2014-4667
all versions
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain ba
CVE-2014-4656
all versions
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow loca
CVE-2014-4655
all versions
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does no
CVE-2014-4654
all versions
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does no
CVE-2014-4653
all versions
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/wri
CVE-2014-4652
all versions
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
CVE-2014-4608
all versions
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the
7.3
HIGH
CVE-2014-4027
all versions
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize
CVE-2014-1739
all versions
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a ce
CVE-2014-4039
all versions
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.ta
CVE-2014-4038
all versions
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and
CVE-2014-2978
all versions
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a
CVE-2014-2977
all versions
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.
CVE-2014-3153
all versions
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different fute
7.8
HIGH
CVE-2014-3470
all versions
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, w
CVE-2014-0221
all versions
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allow
CVE-2014-3469
all versions
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to ca
CVE-2014-3468
all versions
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identifie
CVE-2014-3467
all versions
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to c
CVE-2014-1738
all versions
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to cer
CVE-2014-1737
all versions
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions
CVE-2014-0196
all versions
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in t
5.5
MEDIUM
CVE-2014-0198
all versions
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly
CVE-2014-1532
all versions
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.
9.8
CRITICAL
CVE-2014-1531
all versions
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox
8.8
HIGH
CVE-2014-1530
all versions
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey b
6.1
MEDIUM
CVE-2014-1529
all versions
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey befo
8.8
HIGH
CVE-2014-1524
all versions
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird befor
9.8
CRITICAL
CVE-2014-1523
all versions
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird befo
6.5
MEDIUM
CVE-2014-1518
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbi
8.8
HIGH
CVE-2014-0181
all versions
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based
CVE-2014-2706
all versions
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (s
CVE-2010-5298
all versions
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, al
CVE-2014-0131
all versions
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers
CVE-2014-2497
all versions
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denia
CVE-2014-1514
all versions
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before
9.8
CRITICAL
CVE-2014-1513
all versions
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2
8.8
HIGH
CVE-2014-1512
all versions
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x bef
CVE-2014-1511
all versions
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attacke
9.8
CRITICAL
CVE-2014-1510
all versions
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey be
9.8
CRITICAL
CVE-2014-1509
all versions
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x b
8.8
HIGH
CVE-2014-1508
all versions
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4,
9.1
CRITICAL
CVE-2014-1505
all versions
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey
7.5
HIGH
CVE-2014-1504
all versions
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy
CVE-2014-1502
all versions
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey be
CVE-2014-1501
all versions
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs vi
CVE-2014-1500
all versions
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption an
CVE-2014-1499
all versions
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or
CVE-2014-1498
all versions
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certai
CVE-2014-1497
all versions
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before
8.8
HIGH
CVE-2014-1496
all versions
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local us
5.5
MEDIUM
CVE-2014-1494
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote a
CVE-2014-1493
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbi
9.8
CRITICAL
CVE-2014-2309
all versions
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes,
CVE-2014-1874
all versions
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users t
CVE-2014-0069
all versions
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operati
CVE-2014-1491
all versions
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thund
CVE-2014-1490
all versions
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox
CVE-2014-1489
all versions
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-as
CVE-2014-1488
all versions
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitra
CVE-2014-1487
all versions
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonke
7.5
HIGH
CVE-2014-1486
all versions
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunder
9.8
CRITICAL
CVE-2014-1485
all versions
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesh
CVE-2014-1484
all versions
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers
CVE-2014-1483
all versions
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive
CVE-2014-1482
all versions
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 d
8.8
HIGH
CVE-2014-1481
all versions
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attacke
7.5
HIGH
CVE-2014-1480
all versions
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of
CVE-2014-1479
all versions
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3
7.5
HIGH
CVE-2014-1477
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbi
9.8
CRITICAL
CVE-2013-0339
all versions
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2Resolve
CVE-2013-4458
all versions
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18
CVE-2013-6673
all versions
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a u
5.9
MEDIUM
CVE-2013-6672
all versions
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leve
CVE-2013-6671
all versions
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, a
9.8
CRITICAL
CVE-2013-5619
all versions
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before
CVE-2013-5618
all versions
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component
9.8
CRITICAL
CVE-2013-5616
all versions
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ES
9.8
CRITICAL
CVE-2013-5615
all versions
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey
9.8
CRITICAL
CVE-2013-5614
all versions
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during p
CVE-2013-5613
all versions
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x be
9.8
CRITICAL
CVE-2013-5612
all versions
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attac
CVE-2013-5611
all versions
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote att
CVE-2013-5610
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote a
CVE-2013-5609
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbi
9.8
CRITICAL
CVE-2013-4419
all versions
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly ch
CVE-2013-3567
all versions
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows r
CVE-2013-4002
all versions
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before
CVE-2013-3812
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
CVE-2013-3809
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
CVE-2013-3808
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows
CVE-2013-3805
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
CVE-2013-3804
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and ear
CVE-2013-3802
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and ear
CVE-2013-3801
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
CVE-2013-3794
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
CVE-2013-3793
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
CVE-2013-3783
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to af
CVE-2013-1690
all versions
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do
8.8
HIGH
CVE-2013-2465
all versions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 a
9.8
CRITICAL
CVE-2011-1585
all versions
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations
CVE-2013-2147
all versions
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 d
CVE-2013-2021
all versions
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted leng
CVE-2013-2020
all versions
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service
CVE-2013-3301
all versions
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereferen
CVE-2013-0800
all versions
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozill
CVE-2013-1861
all versions
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlie
CVE-2012-6075
all versions
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when t
CVE-2013-0170
all versions
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 b
CVE-2013-0771
all versions
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x
CVE-2013-0770
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonke
CVE-2013-0769
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.
CVE-2013-0768
all versions
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
CVE-2013-0767
all versions
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
CVE-2013-0766
all versions
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.1
CVE-2013-0764
all versions
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before
CVE-2013-0763
all versions
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbir
CVE-2013-0762
all versions
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.
CVE-2013-0761
all versions
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR
CVE-2013-0760
all versions
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2,
CVE-2013-0759
all versions
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10
CVE-2013-0758
all versions
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10
CVE-2013-0757
all versions
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before
CVE-2013-0756
all versions
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderb
CVE-2013-0755
all versions
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 1
CVE-2013-0754
all versions
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12
CVE-2013-0753
all versions
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0
CVE-2013-0752
all versions
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and Se
CVE-2013-0750
all versions
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
CVE-2013-0749
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunder
CVE-2013-0748
all versions
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2,
CVE-2013-0747
all versions
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thun
CVE-2013-0746
all versions
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10
CVE-2013-0745
all versions
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbir
CVE-2013-0744
all versions
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0,
CVE-2012-5612
all versions
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versio
CVE-2012-3515
all versions
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows l
CVE-2012-5843
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey
CVE-2012-5842
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunde
CVE-2012-5841
all versions
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and Se
CVE-2012-5840
all versions
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x bef
CVE-2012-5839
all versions
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox
CVE-2012-5838
all versions
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey be
CVE-2012-5836
all versions
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code o
CVE-2012-5835
all versions
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0,
CVE-2012-5833
all versions
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
CVE-2012-5830
all versions
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird
8.8
HIGH
CVE-2012-5829
all versions
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11
CVE-2012-4218
all versions
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbir
CVE-2012-4217
all versions
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird befo
CVE-2012-4216
all versions
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11
CVE-2012-4215
all versions
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.
CVE-2012-4214
all versions
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x bef
CVE-2012-4213
all versions
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, a
CVE-2012-4212
all versions
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and S
CVE-2012-4209
all versions
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and Se
CVE-2012-4208
all versions
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not conside
CVE-2012-4207
all versions
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17
CVE-2012-4205
all versions
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandb
CVE-2012-4204
all versions
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2
CVE-2012-4202
all versions
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before
CVE-2012-4201
all versions
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunder
CVE-2012-4196
all versions
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, an
CVE-2012-4195
all versions
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Th
CVE-2012-4194
all versions
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, an
CVE-2012-4193
all versions
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and
CVE-2012-4188
all versions
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
CVE-2012-4187
all versions
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin