Total
531 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0760 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. | ||||
| CVE-2017-0759 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. | ||||
| CVE-2017-0622 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602. | ||||
| CVE-2017-0193 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-11-21 | N/A |
| Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". | ||||
| CVE-2016-11034 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016). | ||||
| CVE-2016-11026 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). | ||||
| CVE-2015-2688 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | ||||
| CVE-2014-1943 | 5 Canonical, Debian, Fine Free File Project and 2 more | 6 Ubuntu Linux, Debian Linux, Fine Free File and 3 more | 2024-11-21 | N/A |
| Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | ||||
| CVE-2013-4584 | 2 Debian, Horms | 2 Debian Linux, Perdition | 2024-11-21 | 5.9 Medium |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections | ||||
| CVE-2012-1109 | 1 Pediapress | 1 Mwlib | 2024-11-21 | 7.5 High |
| mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | ||||
| CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 7.5 High |
| simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | ||||
| CVE-2011-2807 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. | ||||
| CVE-2011-2336 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | ||||
| CVE-2009-5043 | 2 Burn Project, Debian | 2 Burn, Debian Linux | 2024-11-21 | 9.8 Critical |
| burn allows file names to escape via mishandled quotation marks | ||||
| CVE-2006-5170 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | ||||
| CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
| In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | ||||
| CVE-2024-51744 | 2024-11-05 | 3.1 Low | ||
| golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in "dangerous" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors ("dangerous" ones first), so that you are not running in the case detailed above. | ||||
| CVE-2024-47491 | 1 Juniper | 2 Junos, Junos Evolved | 2024-10-22 | 5.9 Medium |
| An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. While this issue affects systems running 32-bit and 64-bit systems, the probability of impact on 64-bit system is extremely low. According to KB25803 https://supportportal.juniper.net/s/article/Junos-How-to-check-if-Junos-OS-is-64-or-32-bit-on-a-router , customers can confirm 32-bit or 64-bit system via the ' show version detail ' command: lab@router> show version detail| match 32 JUNOS 32-bit kernel Software Suite lab@router> show version detail| match 64 JUNOS 64-bit kernel Software Suite This issue affects: Juniper Networks Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Juniper Networks Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO. | ||||
| CVE-2024-47767 | 1 Enalean | 2 Tuleap, Tuleap Enterprise | 2024-10-17 | 4.3 Medium |
| Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | ||||
| CVE-2024-47766 | 1 Enalean | 1 Tuleap | 2024-10-17 | 4.9 Medium |
| Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | ||||