Search Results (23518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1577 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
CVE-2013-0273 2 Pidgin, Redhat 3 Pidgin, Enterprise Linux, Rhel Productivity 2025-04-11 N/A
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-4554 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
CVE-2013-5790 3 Oracle, Redhat, Sun 7 Jdk, Jre, Enterprise Linux and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
CVE-2011-1010 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.
CVE-2013-2434 2 Oracle, Redhat 4 Javafx, Jdk, Jre and 1 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2011-3205 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-11 N/A
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
CVE-2011-0573 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2025-04-11 N/A
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
CVE-2012-2336 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2013-4933 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
CVE-2013-3744 2 Oracle, Redhat 3 Jdk, Jre, Rhel Extras 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2012-3970 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.
CVE-2013-1476 3 Oracle, Redhat, Sun 7 Jdk, Jre, Enterprise Linux and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
CVE-2013-2419 3 Oracle, Redhat, Sun 7 Jdk, Jre, Enterprise Linux and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2011-1487 2 Perl, Redhat 2 Perl, Enterprise Linux 2025-04-11 N/A
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
CVE-2012-2337 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
CVE-2012-4542 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
CVE-2013-2412 3 Oracle, Redhat, Sun 8 Jdk, Jre, Enterprise Linux and 5 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
CVE-2012-4446 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVE-2013-0253 2 Apache, Redhat 3 Maven, Maven Wagon, Openshift 2025-04-11 N/A
The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.