Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7703 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | |||||
| CVE-2015-7702 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
| CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
| CVE-2015-8896 | 3 Imagemagick, Oracle, Redhat | 8 Imagemagick, Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |||||
| CVE-2015-7701 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 9 Debian Linux, Openssh, Linux and 6 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | |||||
| CVE-2016-1957 | 4 Mozilla, Novell, Opensuse and 1 more | 6 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 3 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | |||||
| CVE-2014-3687 | 8 Canonical, Debian, Linux and 5 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | |||||
| CVE-2016-2792 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | |||||
| CVE-2016-3521 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. | |||||
| CVE-2016-4951 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Linux | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. | |||||
| CVE-2016-1935 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Leap, Opensuse and 1 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | |||||
| CVE-2014-8134 | 5 Canonical, Linux, Opensuse and 2 more | 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more | 2025-04-12 | 1.9 LOW | 3.3 LOW |
| The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | |||||
| CVE-2014-3647 | 7 Canonical, Debian, Linux and 4 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | 1.9 LOW | 5.5 MEDIUM |
| arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2013-7421 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. | |||||