Search Results (775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5452 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.
CVE-2015-4864 4 Canonical, Mariadb, Oracle and 1 more 12 Ubuntu Linux, Mariadb, Mysql and 9 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-2697 6 Canonical, Debian, Mit and 3 more 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more 2025-04-12 N/A
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
CVE-2014-8145 3 Debian, Oracle, Sound Exchange Project 3 Debian Linux, Solaris, Sound Exchange 2025-04-12 N/A
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
CVE-2014-8991 2 Oracle, Pypa 2 Solaris, Pip 2025-04-12 N/A
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
CVE-2015-0471 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.
CVE-2016-5387 8 Apache, Canonical, Debian and 5 more 22 Http Server, Ubuntu Linux, Debian Linux and 19 more 2025-04-12 8.1 High
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVE-2015-2736 6 Canonical, Debian, Mozilla and 3 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 N/A
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
CVE-2015-4487 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
CVE-2015-4488 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
CVE-2015-4492 5 Canonical, Mozilla, Opensuse and 2 more 5 Ubuntu Linux, Firefox, Opensuse and 2 more 2025-04-12 N/A
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
CVE-2015-0448 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.
CVE-2015-0561 3 Opensuse, Oracle, Wireshark 3 Opensuse, Solaris, Wireshark 2025-04-12 N/A
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
CVE-2015-0564 5 Debian, Opensuse, Oracle and 2 more 6 Debian Linux, Opensuse, Linux and 3 more 2025-04-12 N/A
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
CVE-2016-3465 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
CVE-2014-7142 3 Canonical, Oracle, Squid-cache 3 Ubuntu Linux, Solaris, Squid 2025-04-12 N/A
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
CVE-2016-5357 2 Oracle, Wireshark 2 Solaris, Wireshark 2025-04-12 N/A
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2015-2735 6 Canonical, Debian, Mozilla and 3 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 N/A
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
CVE-2016-3462 1 Oracle 1 Solaris 2025-04-12 N/A
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.
CVE-2015-2734 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.