Search Results (23543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4350 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-4368 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
CVE-2013-4397 2 Feep, Redhat 2 Libtar, Enterprise Linux 2025-04-11 N/A
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
CVE-2013-4408 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2025-04-11 N/A
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
CVE-2013-4419 4 Libguestfs, Novell, Redhat and 1 more 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more 2025-04-11 N/A
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVE-2013-4470 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
CVE-2010-3115 4 Canonical, Google, Redhat and 1 more 4 Ubuntu Linux, Chrome, Enterprise Linux and 1 more 2025-04-11 N/A
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
CVE-2013-4566 2 Mod Nss Project, Redhat 2 Mod Nss, Enterprise Linux 2025-04-11 N/A
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
CVE-2010-3255 3 Google, Redhat, Webkitgtk 3 Chrome, Enterprise Linux, Webkitgtk 2025-04-11 N/A
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2011-2698 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
CVE-2010-3752 2 Redhat, Xelerance 2 Enterprise Linux, Openswan 2025-04-11 N/A
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
CVE-2012-4429 2 David King, Redhat 2 Vino, Enterprise Linux 2025-04-11 N/A
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
CVE-2010-3851 4 Libguestfs, Matthew Booth, Redhat and 1 more 4 Libguestfs, Virt-v2v, Enterprise Linux and 1 more 2025-04-11 N/A
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
CVE-2013-5330 5 Adobe, Apple, Linux and 2 more 7 Air, Air Sdk, Flash Player and 4 more 2025-04-11 N/A
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
CVE-2012-4513 2 Kde, Redhat 2 Kde, Enterprise Linux 2025-04-11 N/A
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
CVE-2010-3878 1 Redhat 1 Jboss Enterprise Application Platform 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.
CVE-2011-2729 3 Apache, Linux, Redhat 4 Apache Commons Daemon, Tomcat, Linux Kernel and 1 more 2025-04-11 N/A
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
CVE-2013-5375 2 Ibm, Redhat 3 Java, Network Satellite, Rhel Extras 2025-04-11 N/A
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.
CVE-2013-5605 2 Mozilla, Redhat 4 Network Security Services, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
CVE-2013-5612 7 Canonical, Fedoraproject, Mozilla and 4 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.