Show filters
201 Total Results
Displaying 21-30 of 201
Sort by:
Attacker Value
Unknown

CVE-2015-5239

Disclosure Date: January 23, 2020 (last updated February 21, 2025)
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-5278

Disclosure Date: January 23, 2020 (last updated February 21, 2025)
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-1000110

Disclosure Date: November 27, 2019 (last updated November 08, 2023)
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2016-4980

Disclosure Date: November 27, 2019 (last updated November 27, 2024)
A password generation weakness exists in xquest through 2016-06-13.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-6454

Disclosure Date: March 21, 2019 (last updated November 08, 2023)
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-8008

Disclosure Date: December 29, 2017 (last updated November 26, 2024)
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
0
0
Attacker Value
Unknown

CVE-2015-7687

Disclosure Date: October 16, 2017 (last updated November 26, 2024)
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
0
0
Attacker Value
Unknown

CVE-2015-5146

Disclosure Date: August 24, 2017 (last updated November 26, 2024)
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
0
0
Attacker Value
Unknown

CVE-2015-5258

Disclosure Date: August 22, 2017 (last updated November 26, 2024)
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-6816

Disclosure Date: August 09, 2017 (last updated November 26, 2024)
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
0
0
View More Topics  < Previous  Next >