Search Results (101 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4486 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2025-04-12 N/A
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4569 4 Canonical, Linux, Novell and 1 more 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more 2025-04-12 N/A
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2016-4805 5 Canonical, Linux, Novell and 2 more 12 Ubuntu Linux, Linux Kernel, Opensuse Leap and 9 more 2025-04-12 7.8 High
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
CVE-2016-4913 5 Canonical, Linux, Novell and 2 more 8 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 5 more 2025-04-12 7.8 High
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
CVE-2016-4997 6 Canonical, Debian, Linux and 3 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2025-04-12 7.8 High
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
CVE-2015-0408 6 Canonical, Debian, Novell and 3 more 11 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
CVE-2016-4485 3 Canonical, Linux, Novell 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more 2025-04-12 N/A
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
CVE-2015-0383 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
CVE-2015-2724 6 Canonical, Debian, Mozilla and 3 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-2725 4 Mozilla, Novell, Oracle and 1 more 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-2728 4 Mozilla, Novell, Oracle and 1 more 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
CVE-2015-2730 5 Debian, Mozilla, Novell and 2 more 10 Debian Linux, Firefox, Firefox Esr and 7 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
CVE-2015-2736 6 Canonical, Debian, Mozilla and 3 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 N/A
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
CVE-2016-7796 3 Novell, Redhat, Systemd Project 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more 2025-04-12 N/A
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVE-2016-0363 3 Ibm, Novell, Redhat 15 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 12 more 2025-04-12 N/A
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2015-0410 6 Canonical, Debian, Novell and 3 more 12 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 9 more 2025-04-12 N/A
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
CVE-2015-0405 2 Novell, Oracle 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
CVE-2015-0438 2 Novell, Oracle 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
CVE-2015-0400 4 Canonical, Novell, Opensuse and 1 more 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
CVE-2015-2733 4 Mozilla, Novell, Oracle and 1 more 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.