Search Results (16500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4555 4 Canonical, Oracle, Redhat and 1 more 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more 2025-04-12 N/A
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4565 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 7.8 High
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4913 5 Canonical, Linux, Novell and 2 more 8 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 5 more 2025-04-12 7.8 High
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
CVE-2016-8655 3 Canonical, Linux, Redhat 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 7.8 High
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVE-2015-7613 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
CVE-2015-7941 3 Canonical, Redhat, Xmlsoft 4 Ubuntu Linux, Enterprise Linux, Jboss Enterprise Web Server and 1 more 2025-04-12 N/A
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
CVE-2016-5158 3 Google, Opensuse, Redhat 4 Chrome, Leap, Enterprise Linux and 1 more 2025-04-12 N/A
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2004-2771 4 Bsd Mailx Project, Heirloom, Oracle and 1 more 4 Bsd Mailx, Mailx, Linux and 1 more 2025-04-12 N/A
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVE-2015-8746 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.
CVE-2016-5264 3 Mozilla, Oracle, Redhat 3 Firefox, Linux, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
CVE-2015-8767 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 N/A
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8779 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 N/A
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2016-5278 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
CVE-2016-5281 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
CVE-2015-8839 3 Canonical, Linux, Redhat 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 5.1 Medium
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
CVE-2015-8844 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
CVE-2016-5361 2 Libreswan, Redhat 2 Libreswan, Enterprise Linux 2025-04-12 N/A
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.
CVE-2015-8870 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2025-04-12 N/A
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
CVE-2015-4521 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-5432 1 Redhat 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.