Total
4161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0473 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2025-04-12 | 5.0 MEDIUM | N/A |
| The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | |||||
| CVE-2015-1231 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-7162 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | |||||
| CVE-2015-8605 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2025-04-12 | 5.7 MEDIUM | 6.5 MEDIUM |
| ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | |||||
| CVE-2015-3258 | 3 Canonical, Debian, Linuxfoundation | 3 Ubuntu Linux, Debian Linux, Cups-filters | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | |||||
| CVE-2015-0413 | 3 Canonical, Oracle, Suse | 4 Ubuntu Linux, Jdk, Jre and 1 more | 2025-04-12 | 1.9 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. | |||||
| CVE-2015-8931 | 4 Canonical, Debian, Libarchive and 1 more | 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | |||||
| CVE-2016-0595 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2015-2296 | 3 Canonical, Mageia Project, Python | 3 Ubuntu Linux, Mageia, Requests | 2025-04-12 | 6.8 MEDIUM | N/A |
| The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | |||||
| CVE-2014-2568 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 2.9 LOW | N/A |
| Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. | |||||
| CVE-2015-0499 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | |||||
| CVE-2015-5214 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. | |||||
| CVE-2015-5706 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
| Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. | |||||
| CVE-2015-3636 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. | |||||
| CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 30 Ubuntu Linux, Imagemagick, Leap and 27 more | 2025-04-12 | 5.8 MEDIUM | 5.5 MEDIUM |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||||
| CVE-2014-9765 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |||||
| CVE-2016-4053 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. | |||||
| CVE-2016-4482 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | |||||
| CVE-2014-4608 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. | |||||
| CVE-2015-1228 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. | |||||