Max CVSS 10.0 Min CVSS 1.9 Total Count114
IDCVSSSummaryLast (major) updatePublished
CVE-2015-7549 2.1
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
30-10-2017 - 10:29 30-10-2017 - 10:29
CVE-2016-0705 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2015-8619 5.0
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
20-04-2017 - 09:46 13-04-2017 - 13:59
CVE-2015-8567 6.8
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
20-04-2017 - 09:44 13-04-2017 - 13:59
CVE-2015-8345 2.1
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
20-04-2017 - 09:43 13-04-2017 - 13:59
CVE-2015-8568 4.7
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
17-04-2017 - 13:05 11-04-2017 - 15:59
CVE-2015-8613 1.9
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INF
17-04-2017 - 08:57 11-04-2017 - 15:59
CVE-2015-8504 3.5
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
17-04-2017 - 08:55 11-04-2017 - 15:59
CVE-2016-0787 4.3
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes
23-03-2017 - 21:59 13-04-2016 - 13:59
CVE-2016-1521 6.8
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary
16-02-2017 - 21:59 12-02-2016 - 21:59
CVE-2015-8607 7.5
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted st
31-01-2017 - 21:59 13-01-2016 - 10:59
CVE-2015-8817 2.1
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A
03-01-2017 - 13:49 29-12-2016 - 17:59
CVE-2015-8744 2.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to c
30-12-2016 - 21:59 29-12-2016 - 17:59
CVE-2013-5589 7.5
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
30-12-2016 - 21:59 29-08-2013 - 08:07
CVE-2013-2236 2.6
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (cr
30-12-2016 - 21:59 23-10-2013 - 23:48
CVE-2015-8743 3.6
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corru
30-12-2016 - 15:55 29-12-2016 - 17:59
CVE-2015-8745 2.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
30-12-2016 - 15:50 29-12-2016 - 17:59
CVE-2015-8818 2.1
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
30-12-2016 - 12:26 29-12-2016 - 17:59
CVE-2016-1922 2.1
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, whic
30-12-2016 - 12:26 29-12-2016 - 17:59
CVE-2016-1981 2.1
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is
30-12-2016 - 11:51 29-12-2016 - 17:59
CVE-2016-2198 2.1
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this f
30-12-2016 - 11:01 29-12-2016 - 17:59
CVE-2015-4477 10.0
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-1805 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a den
21-12-2016 - 21:59 08-08-2015 - 06:59
CVE-2014-5026 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input M
21-12-2016 - 21:59 20-10-2014 - 13:55
CVE-2014-5025 3.5
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
21-12-2016 - 21:59 20-10-2014 - 13:55
CVE-2014-7815 5.0
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
07-12-2016 - 22:06 14-11-2014 - 10:59
CVE-2015-8377 6.5
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a
07-12-2016 - 13:27 15-12-2015 - 16:59
CVE-2015-7207 5.0
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages hi
07-12-2016 - 13:23 16-12-2015 - 06:59
CVE-2014-0222 7.5
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
06-12-2016 - 22:00 04-11-2014 - 16:55
CVE-2016-2270 4.6
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
06-12-2016 - 14:53 19-02-2016 - 11:59
CVE-2016-2271 2.1
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
05-12-2016 - 22:08 19-02-2016 - 11:59
CVE-2016-1526 5.8
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive inform
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-1523 4.3
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (mis
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-3116 5.5
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
02-12-2016 - 22:26 22-03-2016 - 06:59
CVE-2016-2802 6.8
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
02-12-2016 - 22:26 13-03-2016 - 14:59
CVE-2016-2801 6.8
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possi
02-12-2016 - 22:26 13-03-2016 - 14:59
CVE-2016-2800 6.8
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifie
02-12-2016 - 22:26 13-03-2016 - 14:59
CVE-2016-2799 9.3
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2798 6.8
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifi
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2797 6.8
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspec
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2796 6.8
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have u
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2795 6.8
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2794 9.3
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2793 6.8
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphi
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2792 6.8
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifie
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2791 6.8
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2790 6.8
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-2381 5.0
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
02-12-2016 - 22:25 08-04-2016 - 11:59
CVE-2016-2342 7.6
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remo
02-12-2016 - 22:25 17-03-2016 - 10:59
CVE-2016-2324 10.0
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
02-12-2016 - 22:24 08-04-2016 - 10:59
CVE-2016-2315 10.0
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
02-12-2016 - 22:24 08-04-2016 - 10:59
CVE-2016-1989 10.0
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
02-12-2016 - 22:24 14-03-2016 - 20:59
CVE-2016-1988 10.0
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
02-12-2016 - 22:24 14-03-2016 - 20:59
CVE-2016-1977 6.8
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory c
02-12-2016 - 22:24 13-03-2016 - 14:59
CVE-2016-1974 6.8
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-o
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1966 6.8
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereferenc
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1965 4.3
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.prot
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1964 6.8
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishan
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1962 10.0
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel conn
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1961 6.8
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1960 6.8
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1958 4.3
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1957 4.3
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1954 6.8
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows r
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1952 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1714 6.9
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-o
02-12-2016 - 22:22 07-04-2016 - 15:59
CVE-2016-1650 9.3
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by tri
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1649 9.3
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1648 9.3
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspeci
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1647 9.3
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1646 9.3
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or po
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1571 4.7
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest add
02-12-2016 - 22:21 22-01-2016 - 10:59
CVE-2016-1570 6.9
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page ident
02-12-2016 - 22:21 22-01-2016 - 10:59
CVE-2016-1568 9.3
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ)
02-12-2016 - 22:21 11-04-2016 - 22:00
CVE-2016-0774 5.6
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do
02-12-2016 - 22:18 27-04-2016 - 13:59
CVE-2016-0739 4.3
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH
02-12-2016 - 22:17 13-04-2016 - 13:59
CVE-2016-0636 9.3
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
02-12-2016 - 22:16 24-03-2016 - 14:59
CVE-2015-8833 10.0
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate
02-12-2016 - 22:14 11-04-2016 - 21:59
CVE-2015-8604 6.5
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
02-12-2016 - 22:13 11-04-2016 - 17:59
CVE-2015-8555 5.0
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains
02-12-2016 - 22:13 13-04-2016 - 11:59
CVE-2015-8550 5.7
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
02-12-2016 - 22:13 14-04-2016 - 10:59
CVE-2015-8154 9.3
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permi
02-12-2016 - 22:13 18-03-2016 - 10:59
CVE-2015-8153 8.3
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
02-12-2016 - 22:13 18-03-2016 - 10:59
CVE-2015-8152 8.5
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lin
02-12-2016 - 22:13 18-03-2016 - 10:59
CVE-2015-7560 4.0
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then u
02-12-2016 - 22:13 13-03-2016 - 18:59
CVE-2015-4342 7.5
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
02-12-2016 - 22:10 17-06-2015 - 14:59
CVE-2015-2665 4.3
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
02-12-2016 - 22:05 17-06-2015 - 14:59
CVE-2016-2841 2.1
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTO
28-11-2016 - 15:05 16-06-2016 - 14:59
CVE-2016-2538 3.6
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS
28-11-2016 - 15:04 16-06-2016 - 14:59
CVE-2016-2392 2.1
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer de
28-11-2016 - 15:04 16-06-2016 - 14:59
CVE-2016-2391 2.1
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
28-11-2016 - 15:04 16-06-2016 - 14:59
CVE-2015-4454 7.5
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
28-11-2016 - 14:28 17-06-2015 - 14:59
CVE-2015-3228 6.8
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, whic
28-11-2016 - 14:23 11-08-2015 - 10:59
CVE-2015-1779 7.8
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
14-10-2016 - 22:00 12-01-2016 - 14:59
CVE-2015-7512 6.8
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
11-10-2016 - 22:01 08-01-2016 - 16:59
CVE-2015-8554 6.6
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable
08-09-2016 - 22:00 14-04-2016 - 10:59
CVE-2014-3640 2.1
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized s
31-08-2016 - 10:53 07-11-2014 - 14:55
CVE-2013-5588 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
29-06-2016 - 10:12 29-08-2013 - 08:07
CVE-2014-9718 4.9
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite
23-06-2016 - 14:30 21-04-2015 - 12:59
CVE-2015-8558 4.9
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
25-05-2016 - 11:39 23-05-2016 - 15:59
CVE-2015-8702 7.8
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
20-04-2016 - 09:46 12-04-2016 - 10:59
CVE-2015-6036 5.0
QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.
02-03-2016 - 10:41 27-02-2016 - 00:59
CVE-2015-7680 5.0
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
18-02-2016 - 18:16 10-02-2016 - 10:59
CVE-2015-7675 4.0
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg
18-02-2016 - 17:45 10-02-2016 - 10:59
CVE-2015-7677 4.0
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to M
11-02-2016 - 19:42 10-02-2016 - 10:59
CVE-2015-6855 10.0
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_
09-11-2015 - 15:24 06-11-2015 - 16:59
CVE-2015-4634 7.5
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
11-08-2015 - 14:23 11-08-2015 - 10:59
CVE-2014-3689 7.2
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
14-11-2014 - 12:05 14-11-2014 - 10:59
CVE-2013-4537 7.5
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
05-11-2014 - 10:42 04-11-2014 - 16:55
CVE-2013-4538 7.5
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) co
05-11-2014 - 10:41 04-11-2014 - 16:55
CVE-2013-4539 7.5
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a save
05-11-2014 - 10:40 04-11-2014 - 16:55
CVE-2013-4533 7.5
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.
05-11-2014 - 10:16 04-11-2014 - 16:55
CVE-2013-4534 7.5
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
05-11-2014 - 10:15 04-11-2014 - 16:55
CVE-2012-3482 5.8
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in
04-04-2013 - 23:12 21-12-2012 - 00:46
Back to Top Mark selected
Back to Top