Search Results (5376 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1572 5 Canonical, Debian, Ecryptfs and 2 more 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more 2025-04-12 8.4 High
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2014-1571 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2025-04-12 N/A
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
CVE-2010-5109 2 Fedoraproject, Randall Hand 2 Fedora, Yerase\'s Tnef Stream Reader 2025-04-12 N/A
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
CVE-2016-1232 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2025-04-12 N/A
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
CVE-2015-7213 4 Fedoraproject, Mozilla, Opensuse and 1 more 5 Fedora, Firefox, Leap and 2 more 2025-04-12 N/A
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
CVE-2016-1231 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2025-04-12 N/A
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
CVE-2016-1523 5 Debian, Fedoraproject, Mozilla and 2 more 6 Debian Linux, Fedora, Firefox and 3 more 2025-04-12 N/A
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
CVE-2014-9527 3 Apache, Fedoraproject, Redhat 3 Poi, Fedora, Jboss Data Virtualization 2025-04-12 N/A
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
CVE-2015-1462 2 Clamav, Fedoraproject 2 Clamav, Fedora 2025-04-12 N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVE-2015-2080 2 Eclipse, Fedoraproject 2 Jetty, Fedora 2025-04-12 N/A
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
CVE-2014-6394 3 Apple, Fedoraproject, Joyent 3 Xcode, Fedora, Node.js 2025-04-12 N/A
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
CVE-2016-1234 3 Fedoraproject, Gnu, Opensuse 4 Fedora, Glibc, Leap and 1 more 2025-04-12 N/A
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2016-7167 3 Fedoraproject, Haxx, Redhat 5 Fedora, Libcurl, Enterprise Linux and 2 more 2025-04-12 N/A
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
CVE-2015-4342 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
CVE-2014-8630 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2025-04-12 N/A
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
CVE-2014-4341 4 Debian, Fedoraproject, Mit and 1 more 11 Debian Linux, Fedora, Kerberos 5 and 8 more 2025-04-12 N/A
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
CVE-2016-9014 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2025-04-12 N/A
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
CVE-2015-4830 8 Canonical, Debian, Fedoraproject and 5 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-4858 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
CVE-2014-9761 6 Canonical, Fedoraproject, Gnu and 3 more 10 Ubuntu Linux, Fedora, Glibc and 7 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.