address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
Max CVSS
2.5
EPSS Score
0.05%
Published
2020-06-02
Updated
2022-11-16
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
Max CVSS
2.3
EPSS Score
0.04%
Published
2020-05-13
Updated
2020-08-03
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
Max CVSS
2.4
EPSS Score
0.13%
Published
2020-01-21
Updated
2022-01-28
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
Max CVSS
2.4
EPSS Score
0.32%
Published
2019-12-03
Updated
2022-03-31
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
Max CVSS
1.7
EPSS Score
0.17%
Published
2016-01-21
Updated
2019-12-27
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
Max CVSS
2.8
EPSS Score
0.35%
Published
2016-01-21
Updated
2019-04-22
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Max CVSS
2.6
EPSS Score
0.97%
Published
2015-11-18
Updated
2019-03-08
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
Max CVSS
2.1
EPSS Score
0.08%
Published
2015-11-10
Updated
2016-12-07
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
Max CVSS
2.0
EPSS Score
0.21%
Published
2016-04-19
Updated
2017-07-01
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Max CVSS
2.8
EPSS Score
0.18%
Published
2015-10-21
Updated
2022-09-29
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
Max CVSS
1.7
EPSS Score
0.18%
Published
2015-10-21
Updated
2022-09-15
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.
Max CVSS
1.7
EPSS Score
0.58%
Published
2015-07-16
Updated
2018-01-05
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
Max CVSS
2.6
EPSS Score
0.44%
Published
2015-06-10
Updated
2017-11-08
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-05-27
Updated
2018-01-05
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.
Max CVSS
2.1
EPSS Score
0.06%
Published
2015-07-16
Updated
2018-01-05
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-09-17
Updated
2019-02-04
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
Max CVSS
2.6
EPSS Score
0.39%
Published
2015-02-25
Updated
2018-10-30
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
Max CVSS
1.9
EPSS Score
0.08%
Published
2015-01-21
Updated
2022-05-13
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-03-02
Updated
2020-05-21
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-01-09
Updated
2020-05-21
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-01-09
Updated
2023-02-13
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
Max CVSS
2.1
EPSS Score
0.46%
Published
2015-01-16
Updated
2020-11-20
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-12-19
Updated
2023-02-13
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-11-18
Updated
2023-12-27
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-08
Updated
2018-11-16
81 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!