Search Results (23543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3510 2 Openssl, Redhat 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
CVE-2015-0477 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
CVE-2015-0563 3 Opensuse, Redhat, Wireshark 3 Opensuse, Enterprise Linux, Wireshark 2025-04-12 N/A
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-7230 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Cinder, Nova and 2 more 2025-04-12 N/A
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
CVE-2016-1950 5 Apple, Mozilla, Opensuse and 2 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
CVE-2015-2625 2 Oracle, Redhat 7 Jdk, Jre, Jrockit and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
CVE-2015-1245 3 Debian, Google, Redhat 3 Debian Linux, Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association.
CVE-2016-2842 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more 2025-04-12 N/A
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
CVE-2014-3473 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
CVE-2015-5157 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2015-1304 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
CVE-2015-5222 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2016-4998 4 Canonical, Linux, Oracle and 1 more 6 Ubuntu Linux, Linux Kernel, Linux and 3 more 2025-04-12 N/A
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.
CVE-2016-5162 3 Google, Opensuse, Redhat 3 Chrome, Leap, Rhel Extras 2025-04-12 N/A
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
CVE-2016-5170 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
CVE-2016-2069 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-12 N/A
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2016-8288 2 Oracle, Redhat 2 Mysql, Rhel Software Collections 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
CVE-2016-5276 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
CVE-2016-5772 5 Debian, Opensuse, Php and 2 more 8 Debian Linux, Leap, Opensuse and 5 more 2025-04-12 9.8 Critical
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
CVE-2016-8284 2 Oracle, Redhat 2 Mysql, Rhel Software Collections 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.