Total
4163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1659 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-9709 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | |||||
| CVE-2015-0808 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-1219 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. | |||||
| CVE-2016-3521 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. | |||||
| CVE-2015-5296 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.4 MEDIUM |
| Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | |||||
| CVE-2016-4951 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Linux | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. | |||||
| CVE-2015-4475 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. | |||||
| CVE-2016-0466 | 2 Canonical, Oracle | 3 Ubuntu Linux, Jdk, Jre | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. | |||||
| CVE-2016-4355 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||||
| CVE-2014-8134 | 5 Canonical, Linux, Opensuse and 2 more | 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more | 2025-04-12 | 1.9 LOW | 3.3 LOW |
| The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | |||||
| CVE-2014-6416 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 7.8 HIGH | N/A |
| Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | |||||
| CVE-2014-3560 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2025-04-12 | 7.9 HIGH | N/A |
| NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | |||||
| CVE-2015-6855 | 6 Arista, Canonical, Debian and 3 more | 7 Eos, Ubuntu Linux, Debian Linux and 4 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | |||||
| CVE-2016-2326 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. | |||||
| CVE-2015-4047 | 5 Canonical, Debian, F5 and 2 more | 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more | 2025-04-12 | 7.8 HIGH | N/A |
| racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | |||||
| CVE-2014-3647 | 7 Canonical, Debian, Linux and 4 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | 1.9 LOW | 5.5 MEDIUM |
| arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2015-5707 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | |||||
| CVE-2013-7421 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. | |||||
| CVE-2015-6937 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 4.9 MEDIUM | N/A |
| The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | |||||