Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5439 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8836 | 2 Fedoraproject, Fuseiso Project | 2 Fedora, Fuseiso | 2025-04-12 | N/A |
| Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. | ||||
| CVE-2015-8807 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. | ||||
| CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 23 Fedora, Filezilla Server, Mariadb and 20 more | 2025-04-12 | 7.4 High |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | ||||
| CVE-2015-8540 | 4 Debian, Fedoraproject, Libpng and 1 more | 9 Debian Linux, Fedora, Libpng and 6 more | 2025-04-12 | N/A |
| Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. | ||||
| CVE-2016-1523 | 5 Debian, Fedoraproject, Mozilla and 2 more | 6 Debian Linux, Fedora, Firefox and 3 more | 2025-04-12 | N/A |
| The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. | ||||
| CVE-2015-8466 | 2 Fedoraproject, Openstack | 2 Fedora, Swift3 | 2025-04-12 | N/A |
| Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | ||||
| CVE-2015-8400 | 2 Fedoraproject, Shellinabox Project | 2 Fedora, Shellinabox | 2025-04-12 | N/A |
| The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | ||||
| CVE-2010-5312 | 7 Apache, Debian, Drupal and 4 more | 7 Drill, Debian Linux, Drupal and 4 more | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | ||||
| CVE-2015-8393 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2025-04-12 | 7.5 High |
| pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | ||||
| CVE-2015-8391 | 5 Fedoraproject, Oracle, Pcre and 2 more | 12 Fedora, Linux, Pcre and 9 more | 2025-04-12 | 9.8 Critical |
| The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2015-8383 | 4 Fedoraproject, Pcre, Php and 1 more | 4 Fedora, Perl Compatible Regular Expression Library, Php and 1 more | 2025-04-12 | 9.8 Critical |
| PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2015-8387 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2025-04-12 | 7.3 High |
| PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2015-8386 | 5 Fedoraproject, Oracle, Pcre and 2 more | 6 Fedora, Linux, Perl Compatible Regular Expression Library and 3 more | 2025-04-12 | 9.8 Critical |
| PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2014-9639 | 3 Fedoraproject, Opensuse, Xiph | 3 Fedora, Opensuse, Vorbis-tools | 2025-04-12 | N/A |
| Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | ||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 24 Mac Os X, Ubuntu Linux, Debian Linux and 21 more | 2025-04-12 | N/A |
| Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | ||||
| CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2025-04-12 | N/A |
| Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | ||||
| CVE-2015-8779 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | ||||
| CVE-2015-7827 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2025-04-12 | N/A |
| Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | ||||
| CVE-2015-7513 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.5 Medium |
| arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | ||||
| CVE-2015-7295 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2025-04-12 | N/A |
| hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | ||||