Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2025-04-20 N/A
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-1253 1 Debian 2 Debian Linux, Most 2025-04-20 N/A
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
CVE-2016-1252 2 Canonical, Debian 3 Ubuntu Linux, Advanced Package Tool, Debian Linux 2025-04-20 5.9 Medium
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
CVE-2016-1245 3 Debian, Quagga, Redhat 3 Debian Linux, Quagga, Enterprise Linux 2025-04-20 N/A
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-20 N/A
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
CVE-2016-10510 2 Debian, Kohanaframework 2 Debian Linux, Kohana 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.
CVE-2016-10247 2 Artifex, Debian 2 Mupdf, Debian Linux 2025-04-20 5.5 Medium
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-10246 2 Artifex, Debian 2 Mupdf, Debian Linux 2025-04-20 5.5 Medium
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-10244 2 Debian, Freetype 2 Debian Linux, Freetype 2025-04-20 N/A
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
CVE-2016-10243 3 Debian, Fedoraproject, Tug 3 Debian Linux, Fedora, Tex Live 2025-04-20 N/A
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVE-2016-10197 3 Debian, Libevent Project, Redhat 3 Debian Linux, Libevent, Enterprise Linux 2025-04-20 7.5 High
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVE-2016-10195 3 Debian, Libevent Project, Redhat 3 Debian Linux, Libevent, Enterprise Linux 2025-04-20 9.8 Critical
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 23 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 20 more 2025-04-20 7.1 High
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-10160 4 Debian, Netapp, Php and 1 more 4 Debian Linux, Clustered Data Ontap, Php and 1 more 2025-04-20 9.8 Critical
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10155 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2025-04-20 6.0 Medium
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2011-5325 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2025-04-20 7.5 High
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
CVE-2012-6697 2 Debian, Inspire Ircd 2 Debian Linux, Inspircd 2025-04-20 N/A
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).
CVE-2016-10002 3 Debian, Redhat, Squid-cache 3 Debian Linux, Enterprise Linux, Squid 2025-04-20 N/A
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
CVE-2016-0762 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2025-04-20 5.9 Medium
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.