Search Results (16385 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8080 4 Canonical, Opensuse, Redhat and 1 more 5 Ubuntu Linux, Opensuse, Enterprise Linux and 2 more 2025-04-12 N/A
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2015-1802 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2025-04-12 N/A
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
CVE-2016-6306 7 Canonical, Debian, Hp and 4 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 5.9 Medium
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2013-6435 3 Debian, Redhat, Rpm 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more 2025-04-12 N/A
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
CVE-2013-4527 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-12 N/A
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVE-2015-3152 6 Debian, Fedoraproject, Mariadb and 3 more 14 Debian Linux, Fedora, Mariadb and 11 more 2025-04-12 5.9 Medium
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
CVE-2004-2771 4 Bsd Mailx Project, Heirloom, Oracle and 1 more 4 Bsd Mailx, Mailx, Linux and 1 more 2025-04-12 N/A
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVE-2015-3187 3 Apache, Apple, Redhat 3 Subversion, Xcode, Enterprise Linux 2025-04-12 N/A
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
CVE-2014-0117 3 Apache, Apple, Redhat 4 Http Server, Mac Os X, Enterprise Linux and 1 more 2025-04-12 N/A
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
CVE-2015-6564 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
CVE-2014-3538 4 Christos Zoulas, Debian, Php and 1 more 5 File, Debian Linux, Php and 2 more 2025-04-12 N/A
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
CVE-2015-4733 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
CVE-2009-5138 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-12 N/A
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
CVE-2014-0132 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-12 N/A
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
CVE-2015-4475 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2025-04-12 N/A
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
CVE-2015-2573 6 Canonical, Debian, Mariadb and 3 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2015-4843 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2014-0098 4 Apache, Canonical, Oracle and 1 more 7 Http Server, Ubuntu Linux, Http Server and 4 more 2025-04-12 N/A
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
CVE-2015-0460 2 Oracle, Redhat 4 Jdk, Jre, Enterprise Linux and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2015-2659 2 Oracle, Redhat 4 Jdk, Jre, Enterprise Linux and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.