Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7440 4 Debian, Mariadb, Oracle and 1 more 4 Debian Linux, Mariadb, Mysql and 1 more 2025-04-12 5.5 Medium
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVE-2016-7908 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 4.4 Medium
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
CVE-2016-8864 4 Debian, Isc, Netapp and 1 more 16 Debian Linux, Bind, Data Ontap Edge and 13 more 2025-04-12 7.5 High
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
CVE-2016-9105 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 6.0 Medium
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
CVE-2016-9106 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 6.0 Medium
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
CVE-2016-9189 2 Debian, Python 2 Debian Linux, Pillow 2025-04-12 N/A
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
CVE-2016-9190 2 Debian, Python 2 Debian Linux, Pillow 2025-04-12 N/A
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
CVE-2016-9911 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2025-04-12 6.5 Medium
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9914 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.5 Medium
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
CVE-2016-9964 2 Bottlepy, Debian 2 Bottle, Debian Linux 2025-04-12 N/A
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
CVE-2015-2776 2 Debian, Gaia-gis 2 Debian Linux, Freexl 2025-04-12 N/A
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
CVE-2016-2828 5 Canonical, Debian, Mozilla and 2 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2025-04-12 N/A
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
CVE-2016-2818 6 Canonical, Debian, Mozilla and 3 more 22 Ubuntu Linux, Debian Linux, Firefox and 19 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-9496 5 Canonical, Debian, Libsndfile Project and 2 more 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more 2025-04-12 N/A
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2016-3070 3 Debian, Linux, Redhat 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-12 N/A
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
CVE-2016-0718 10 Apple, Canonical, Debian and 7 more 16 Mac Os X, Ubuntu Linux, Debian Linux and 13 more 2025-04-12 9.8 Critical
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2014-2830 1 Debian 1 Cifs-utils 2025-04-12 N/A
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-5828 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2025-04-12 7.8 High
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
CVE-2014-9713 2 Debian, Openldap 2 Debian Linux, Openldap 2025-04-12 N/A
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
CVE-2014-1738 5 Debian, Linux, Oracle and 2 more 12 Debian Linux, Linux Kernel, Linux and 9 more 2025-04-12 N/A
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.