Search Results (16509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0206 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-12 N/A
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
CVE-2014-9709 6 Canonical, Debian, Libgd and 3 more 7 Ubuntu Linux, Debian Linux, Libgd and 4 more 2025-04-12 N/A
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
CVE-2015-0287 2 Openssl, Redhat 3 Openssl, Enterprise Linux, Storage 2025-04-12 N/A
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
CVE-2016-2106 2 Openssl, Redhat 13 Openssl, Enterprise Linux, Enterprise Linux Desktop and 10 more 2025-04-12 N/A
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVE-2015-0289 2 Openssl, Redhat 3 Openssl, Enterprise Linux, Storage 2025-04-12 N/A
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
CVE-2016-0598 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-8845 4 Linux, Novell, Redhat and 1 more 10 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 7 more 2025-04-12 N/A
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
CVE-2016-0607 4 Canonical, Opensuse, Oracle and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
CVE-2016-0608 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
CVE-2016-0611 4 Canonical, Opensuse, Oracle and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2014-9529 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2025-04-12 N/A
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
CVE-2016-0616 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2010-4820 2 Ghostscript, Redhat 2 Ghostscript, Enterprise Linux 2025-04-12 N/A
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
CVE-2016-2798 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2797 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.
CVE-2015-7182 3 Mozilla, Oracle, Redhat 11 Firefox, Network Security Services, Glassfish Server and 8 more 2025-04-12 N/A
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more 2025-04-12 N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
CVE-2015-7188 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
CVE-2014-9585 7 Canonical, Debian, Fedoraproject and 4 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2025-04-12 N/A
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
CVE-2015-7205 4 Fedoraproject, Mozilla, Opensuse and 1 more 5 Fedora, Firefox, Leap and 2 more 2025-04-12 N/A
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.