Export limit exceeded: 10040 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10040 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2443 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-11 | N/A |
| schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. | ||||
| CVE-2011-1444 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2025-04-11 | N/A |
| Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-1440 | 3 Apple, Debian, Google | 4 Itunes, Safari, Debian Linux and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | ||||
| CVE-2010-4079 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. | ||||
| CVE-2010-2249 | 9 Apple, Canonical, Debian and 6 more | 13 Iphone Os, Itunes, Safari and 10 more | 2025-04-11 | 6.5 Medium |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||||
| CVE-2010-2226 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-11 | N/A |
| The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. | ||||
| CVE-2010-2063 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. | ||||
| CVE-2011-4107 | 3 Debian, Fedoraproject, Phpmyadmin | 3 Debian Linux, Fedora, Phpmyadmin | 2025-04-11 | 6.5 Medium |
| The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2010-1451 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-11 | N/A |
| The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. | ||||
| CVE-2010-4078 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | N/A |
| The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. | ||||
| CVE-2010-4074 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. | ||||
| CVE-2010-4073 | 5 Debian, Linux, Opensuse and 2 more | 9 Debian Linux, Linux Kernel, Opensuse and 6 more | 2025-04-11 | N/A |
| The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. | ||||
| CVE-2010-1437 | 5 Debian, Linux, Opensuse and 2 more | 8 Debian Linux, Linux Kernel, Opensuse and 5 more | 2025-04-11 | 7.0 High |
| Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | ||||
| CVE-2010-1321 | 8 Canonical, Debian, Fedoraproject and 5 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-11 | N/A |
| The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||||
| CVE-2011-1400 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Tex-common | 2025-04-11 | N/A |
| The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document. | ||||
| CVE-2010-1205 | 11 Apple, Canonical, Debian and 8 more | 18 Iphone Os, Itunes, Mac Os X and 15 more | 2025-04-11 | 9.8 Critical |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||||
| CVE-2011-3919 | 5 Apple, Debian, Google and 2 more | 11 Iphone Os, Mac Os X, Debian Linux and 8 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-1293 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-1292 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | N/A |
| Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-3905 | 3 Debian, Google, Redhat | 7 Debian Linux, Chrome, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||