Search Results (16501 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2430 3 Mariadb, Oracle, Redhat 11 Mariadb, Mysql, Solaris and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
CVE-2014-3509 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Rhev Manager and 1 more 2025-04-12 N/A
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
CVE-2014-0453 7 Canonical, Debian, Ibm and 4 more 12 Ubuntu Linux, Debian Linux, Forms Viewer and 9 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
CVE-2014-0455 5 Canonical, Ibm, Microsoft and 2 more 8 Ubuntu Linux, Forms Viewer, Windows and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
CVE-2015-5302 1 Redhat 2 Enterprise Linux, Libreport 2025-04-12 N/A
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
CVE-2016-5257 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-0458 4 Canonical, Debian, Oracle and 1 more 8 Ubuntu Linux, Debian Linux, Jdk and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
CVE-2014-0114 2 Apache, Redhat 8 Commons Beanutils, Struts, Amq Broker and 5 more 2025-04-12 N/A
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
CVE-2016-5252 3 Mozilla, Oracle, Redhat 3 Firefox, Linux, Enterprise Linux 2025-04-12 N/A
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
CVE-2016-5284 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
CVE-2010-5298 5 Fedoraproject, Mariadb, Openssl and 2 more 9 Fedora, Mariadb, Openssl and 6 more 2025-04-12 N/A
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVE-2015-7236 5 Canonical, Debian, Oracle and 2 more 5 Ubuntu Linux, Debian Linux, Solaris and 2 more 2025-04-12 N/A
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
CVE-2014-0181 4 Linux, Opensuse, Redhat and 1 more 9 Linux Kernel, Evergreen, Enterprise Linux and 6 more 2025-04-12 N/A
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
CVE-2015-3245 1 Redhat 2 Enterprise Linux, Libuser 2025-04-12 N/A
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
CVE-2014-0459 4 Canonical, Debian, Oracle and 1 more 7 Ubuntu Linux, Debian Linux, Jdk and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
CVE-2014-0460 5 Canonical, Debian, Juniper and 2 more 10 Ubuntu Linux, Debian Linux, Junos Space and 7 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
CVE-2014-0461 6 Canonical, Debian, Ibm and 3 more 10 Ubuntu Linux, Debian Linux, Forms Viewer and 7 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2016-7914 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
CVE-2010-5312 7 Apache, Debian, Drupal and 4 more 7 Drill, Debian Linux, Drupal and 4 more 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
CVE-2010-5325 3 Linuxfoundation, Oracle, Redhat 8 Foomatic-filters, Linux, Enterprise Linux and 5 more 2025-04-12 N/A
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.