Search Results (23530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1297 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
CVE-2016-6340 1 Redhat 2 Enterprise Linux, Quickstart Cloud Installer 2025-04-12 N/A
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
CVE-2015-1295 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.
CVE-2015-1293 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2015-1288 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
CVE-2015-1286 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
CVE-2014-4287 4 Mariadb, Oracle, Redhat and 1 more 9 Mariadb, Mysql, Enterprise Linux and 6 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
CVE-2014-4260 5 Debian, Mariadb, Oracle and 2 more 11 Debian Linux, Mariadb, Mysql and 8 more 2025-04-12 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
CVE-2015-1280 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
CVE-2014-2284 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2025-04-12 N/A
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2014-3493 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-12 N/A
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
CVE-2015-1276 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
CVE-2012-0032 1 Redhat 1 Jboss Operations Network 2025-04-12 N/A
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
CVE-2016-6346 1 Redhat 6 Jboss Bpms, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more 2025-04-12 N/A
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2014-2281 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-12 N/A
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
CVE-2014-7946 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.
CVE-2016-8576 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2025-04-12 6.0 Medium
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-7466 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2025-04-12 6.0 Medium
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2016-7422 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2025-04-12 6.0 Medium
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
CVE-2015-1272 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.