Search Results (4189 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9765 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2025-04-12 N/A
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
CVE-2014-9766 2 Canonical, Pixman 2 Ubuntu Linux, Pixman 2025-04-12 N/A
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVE-2014-3633 3 Canonical, Libvirt, Redhat 3 Ubuntu Linux, Libvirt, Enterprise Linux 2025-04-12 N/A
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
CVE-2014-3621 3 Canonical, Openstack, Redhat 4 Ubuntu Linux, Keystone, Enterprise Linux and 1 more 2025-04-12 N/A
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
CVE-2016-0609 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
CVE-2014-3618 3 Canonical, Procmail, Redhat 3 Ubuntu Linux, Procmail, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
CVE-2014-3615 5 Canonical, Debian, Opensuse and 2 more 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more 2025-04-12 N/A
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2016-0610 6 Canonical, Debian, Mariadb and 3 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2014-3611 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 4.7 Medium
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
CVE-2014-3610 6 Canonical, Debian, Linux and 3 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 5.5 Medium
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
CVE-2014-3601 5 Canonical, Linux, Opensuse and 2 more 7 Ubuntu Linux, Linux Kernel, Evergreen and 4 more 2025-04-12 N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2014-3581 4 Apache, Canonical, Oracle and 1 more 12 Http Server, Ubuntu Linux, Enterprise Manager Ops Center and 9 more 2025-04-12 N/A
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
CVE-2016-0608 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
CVE-2016-0611 4 Canonical, Opensuse, Oracle and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2014-3583 4 Apache, Apple, Canonical and 1 more 6 Http Server, Mac Os X, Os X Server and 3 more 2025-04-12 N/A
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
CVE-2014-3565 4 Apple, Canonical, Net-snmp and 1 more 4 Mac Os X, Ubuntu Linux, Net-snmp and 1 more 2025-04-12 N/A
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
CVE-2015-0221 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2025-04-12 N/A
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
CVE-2015-0222 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2025-04-12 N/A
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
CVE-2015-0228 5 Apache, Apple, Canonical and 2 more 6 Http Server, Mac Os X, Mac Os X Server and 3 more 2025-04-12 N/A
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
CVE-2016-0600 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.