Search Results (23508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4749 2 Parallels, Redhat 2 Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.
CVE-2011-4838 2 Jruby, Redhat 2 Jruby, Jboss Soa Platform 2025-04-11 N/A
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2011-4858 2 Apache, Redhat 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more 2025-04-11 N/A
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4862 9 Debian, Fedoraproject, Freebsd and 6 more 14 Debian Linux, Fedora, Freebsd and 11 more 2025-04-11 N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2011-4885 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4922 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
CVE-2011-4940 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-11 N/A
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
CVE-2011-5062 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2025-04-11 N/A
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
CVE-2013-5819 3 Oracle, Redhat, Sun 7 Jdk, Jre, Network Satellite and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.
CVE-2013-5832 3 Oracle, Redhat, Sun 7 Jdk, Jre, Network Satellite and 4 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.
CVE-2013-5852 3 Oracle, Redhat, Sun 6 Jdk, Jre, Rhel Extras and 3 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.
CVE-2013-5854 2 Oracle, Redhat 4 Javafx, Jdk, Jre and 1 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.
CVE-2012-0022 2 Apache, Redhat 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more 2025-04-11 N/A
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
CVE-2012-0031 5 Apache, Debian, Opensuse and 2 more 13 Http Server, Debian Linux, Opensuse and 10 more 2025-04-11 N/A
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
CVE-2013-5893 2 Oracle, Redhat 4 Jdk, Jre, Enterprise Linux and 1 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox.
CVE-2013-5898 2 Oracle, Redhat 5 Jdk, Jre, Network Satellite and 2 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.
CVE-2012-0037 6 Apache, Debian, Fedoraproject and 3 more 14 Openoffice, Debian Linux, Fedora and 11 more 2025-04-11 6.5 Medium
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVE-2013-5905 2 Oracle, Redhat 4 Jdk, Jre, Rhel Extras and 1 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.
CVE-2012-0041 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
CVE-2012-0044 3 Canonical, Linux, Redhat 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-11 7.8 High
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.