Filtered by vendor Oracle
Subscriptions
Total
9866 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-4555 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. | ||||
CVE-2016-4581 | 4 Canonical, Linux, Oracle and 1 more | 5 Ubuntu Linux, Linux Kernel, Linux and 2 more | 2024-08-06 | N/A |
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. | ||||
CVE-2016-4556 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | ||||
CVE-2016-4553 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | ||||
CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-08-06 | N/A |
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | ||||
CVE-2016-4483 | 4 Debian, Oracle, Redhat and 1 more | 4 Debian Linux, Solaris, Jboss Core Services and 1 more | 2024-08-06 | 7.5 High |
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. | ||||
CVE-2016-4470 | 4 Linux, Novell, Oracle and 1 more | 17 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 14 more | 2024-08-06 | N/A |
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | ||||
CVE-2016-4447 | 9 Apple, Canonical, Debian and 6 more | 14 Iphone Os, Itunes, Mac Os X and 11 more | 2024-08-06 | N/A |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | ||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2024-08-06 | 9.8 Critical |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||
CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | ||||
CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | ||||
CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-08-06 | N/A |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | ||||
CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2024-08-06 | 6.5 Medium |
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | ||||
CVE-2016-4053 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. | ||||
CVE-2016-4051 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. | ||||
CVE-2016-4054 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. | ||||
CVE-2016-3991 | 3 Libtiff, Oracle, Redhat | 3 Libtiff, Vm Server, Enterprise Linux | 2024-08-06 | N/A |
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. | ||||
CVE-2016-3990 | 3 Libtiff, Oracle, Redhat | 3 Libtiff, Vm Server, Enterprise Linux | 2024-08-06 | N/A |
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. | ||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-08-06 | N/A |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | ||||
CVE-2016-3945 | 3 Libtiff, Oracle, Redhat | 3 Libtiff, Vm Server, Enterprise Linux | 2024-08-06 | N/A |
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. |