Search Results (16496 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2519 2 Redhat, Xen 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2025-04-11 N/A
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
CVE-2011-2520 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, System-config-firewall 2025-04-11 7.8 High
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
CVE-2013-6337 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2009-2902 2 Apache, Redhat 5 Tomcat, Certificate System, Enterprise Linux and 2 more 2025-04-11 N/A
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
CVE-2011-2526 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2025-04-11 N/A
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
CVE-2011-3521 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
CVE-2010-0831 2 Matthias Klose, Redhat 2 Fastjar, Enterprise Linux 2025-04-11 N/A
Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
CVE-2013-1968 5 Apache, Canonical, Collabnet and 2 more 5 Subversion, Ubuntu Linux, Subversion and 2 more 2025-04-11 N/A
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2010-0838 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2025-04-11 N/A
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
CVE-2013-4124 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Opensuse and 2 more 2025-04-11 N/A
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 12 Ubuntu Linux, Debian Linux, Imagemagick and 9 more 2025-04-11 6.5 Medium
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2011-1140 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
CVE-2011-1141 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
CVE-2013-1976 1 Redhat 2 Enterprise Linux, Jboss Enterprise Web Server 2025-04-11 N/A
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
CVE-2012-0255 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2025-04-11 N/A
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).
CVE-2011-1148 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
CVE-2013-1983 2 Redhat, X 2 Enterprise Linux, Libxfixes 2025-04-11 N/A
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
CVE-2012-0250 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2025-04-11 N/A
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
CVE-2013-6449 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
CVE-2012-0249 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2025-04-11 N/A
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.