| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-7443 |
20 |
|
|
2019-05-07 |
2019-05-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. |
|
2 |
CVE-2019-5736 |
216 |
|
Exec Code |
2019-02-11 |
2019-06-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. |
|
3 |
CVE-2019-3855 |
190 |
|
Exec Code Overflow |
2019-03-21 |
2019-05-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. |
|
4 |
CVE-2017-11610 |
276 |
|
Exec Code |
2017-08-23 |
2019-10-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. |
|
5 |
CVE-2016-9961 |
189 |
|
|
2017-06-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
game-music-emu before 0.6.1 mishandles unspecified integer values. |
|
6 |
CVE-2016-6299 |
264 |
|
+Priv Bypass |
2017-04-14 |
2017-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. |
|
7 |
CVE-2016-2334 |
119 |
|
Exec Code Overflow |
2016-12-13 |
2017-12-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. |
|
8 |
CVE-2016-1522 |
119 |
|
DoS Exec Code Overflow |
2016-02-12 |
2017-06-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. |
|
9 |
CVE-2015-8868 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-05-06 |
2018-01-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. |
|
10 |
CVE-2015-8540 |
189 |
|
|
2016-04-14 |
2017-11-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. |
|
11 |
CVE-2015-8106 |
134 |
|
Exec Code |
2016-04-18 |
2016-05-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. |
|
12 |
CVE-2015-7221 |
119 |
|
DoS Overflow |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. |
|
13 |
CVE-2015-7220 |
119 |
|
DoS Overflow |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. |
|
14 |
CVE-2015-7205 |
189 |
|
DoS +Info |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. |
|
15 |
CVE-2015-7203 |
119 |
|
DoS Overflow |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. |
|
16 |
CVE-2015-7202 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
17 |
CVE-2015-7201 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
18 |
CVE-2015-6855 |
264 |
|
DoS |
2015-11-06 |
2017-06-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. |
|
19 |
CVE-2015-2806 |
119 |
|
Overflow |
2015-04-10 |
2018-01-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. |
|
20 |
CVE-2015-1815 |
77 |
|
Exec Code |
2015-03-30 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. |
|
21 |
CVE-2015-0278 |
264 |
|
+Priv |
2015-05-18 |
2018-08-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. |
|
22 |
CVE-2014-1528 |
119 |
|
DoS Exec Code Overflow |
2014-04-30 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. |
|
23 |
CVE-2014-1525 |
399 |
|
DoS Exec Code Mem. Corr. |
2014-04-30 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. |
|
24 |
CVE-2014-1522 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-04-30 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content. |
|
25 |
CVE-2014-1519 |
|
|
DoS Exec Code Mem. Corr. |
2014-04-30 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
26 |
CVE-2014-0247 |
|
|
|
2014-07-03 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. |
|
27 |
CVE-2013-0170 |
399 |
|
DoS Exec Code |
2013-02-08 |
2019-04-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. |
|
28 |
CVE-2010-0395 |
264 |
|
Exec Code Bypass |
2010-06-09 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. |
