Filtered by vendor Oracle
Subscriptions
Filtered by product Linux
Subscriptions
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1738 | 5 Debian, Linux, Oracle and 2 more | 12 Debian Linux, Linux Kernel, Linux and 9 more | 2025-04-12 | N/A |
| The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. | ||||
| CVE-2016-0617 | 1 Oracle | 1 Linux | 2025-04-12 | N/A |
| Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. | ||||
| CVE-2016-1958 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2025-04-12 | N/A |
| browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | ||||
| CVE-2016-1961 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Thunderbird, Leap and 4 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | ||||
| CVE-2016-1965 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | ||||
| CVE-2016-2791 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-2793 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-2795 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | ||||
| CVE-2016-2796 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-2797 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. | ||||
| CVE-2016-2798 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-2802 | 6 Mozilla, Opensuse, Oracle and 3 more | 7 Firefox, Leap, Opensuse and 4 more | 2025-04-12 | N/A |
| The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
| CVE-2016-3598 | 2 Oracle, Redhat | 7 Jdk, Jre, Linux and 4 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. | ||||
| CVE-2016-3610 | 2 Oracle, Redhat | 5 Jdk, Jre, Linux and 2 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. | ||||
| CVE-2016-5259 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Linux, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. | ||||
| CVE-2016-5425 | 3 Apache, Oracle, Redhat | 10 Tomcat, Instantis Enterprisetrack, Linux and 7 more | 2025-04-12 | 7.8 High |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | ||||
| CVE-2016-6197 | 3 Linux, Oracle, Redhat | 5 Linux Kernel, Linux, Vm Server and 2 more | 2025-04-12 | N/A |
| fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. | ||||
| CVE-2016-7039 | 3 Linux, Oracle, Redhat | 6 Linux Kernel, Linux, Vm Server and 3 more | 2025-04-12 | 7.5 High |
| The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. | ||||
| CVE-2016-7166 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | ||||
| CVE-2014-3487 | 6 Debian, File Project, Opensuse and 3 more | 7 Debian Linux, File, Opensuse and 4 more | 2025-04-12 | N/A |
| The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | ||||