Search Results (121275 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0019 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2025-04-11 N/A
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
CVE-2013-0390 1 Oracle 1 E-business Suite 2025-04-11 N/A
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.
CVE-2012-0194 1 Ibm 1 Aix 2025-04-11 N/A
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
CVE-2010-4489 1 Google 1 Chrome 2025-04-11 N/A
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
CVE-2013-0158 3 Cloudbees, Jenkins, Redhat 3 Jenkins, Jenkins, Openshift 2025-04-11 N/A
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0416 1 Oracle 1 Siebel Crm 2025-04-11 N/A
Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403.
CVE-2010-2570 1 Microsoft 1 Publisher 2025-04-11 N/A
Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
CVE-2010-2571 1 Microsoft 1 Publisher 2025-04-11 N/A
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
CVE-2013-0166 2 Openssl, Redhat 6 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
CVE-2010-2575 1 Kde 1 Kde Sc 2025-04-11 N/A
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
CVE-2013-0168 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.
CVE-2010-2576 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
CVE-2013-0169 4 Openssl, Oracle, Polarssl and 1 more 11 Openssl, Openjdk, Polarssl and 8 more 2025-04-11 N/A
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVE-2013-0170 5 Canonical, Fedoraproject, Opensuse and 2 more 12 Ubuntu Linux, Fedora, Opensuse and 9 more 2025-04-11 N/A
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2013-0172 1 Samba 1 Samba 2025-04-11 N/A
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.
CVE-2010-2582 1 Adobe 1 Shockwave Player 2025-04-11 N/A
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.
CVE-2010-2583 1 Sonicwall 1 Ssl-vpn End-point Interrogator\/installer Activex Control 2025-04-11 N/A
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2012-0222 1 Rockwellautomation 2 Factorytalk, Rslogix 5000 2025-04-11 N/A
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet.
CVE-2013-0198 1 Thekelleys 1 Dnsmasq 2025-04-11 N/A
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.