Search Results (16514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3178 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
CVE-2010-4656 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-11 7.8 High
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
CVE-2010-3389 2 Linux-ha, Redhat 3 Ocf Resource Agents, Enterprise Linux, Rhel Cluster 2025-04-11 N/A
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2011-0869 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.
CVE-2010-0741 4 Kvm Qumranet, Linux, Qemu and 1 more 5 Kvm, Linux Kernel, Qemu and 2 more 2025-04-11 N/A
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
CVE-2010-2521 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.
CVE-2010-0730 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop 2025-04-11 N/A
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.
CVE-2010-3175 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2025-04-11 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2010-3315 2 Apache, Redhat 2 Subversion, Enterprise Linux 2025-04-11 N/A
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
CVE-2010-4022 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-11 N/A
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
CVE-2010-3166 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.
CVE-2010-2524 5 Canonical, Linux, Redhat and 2 more 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-11 7.8 High
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
CVE-2010-3116 5 Apple, Canonical, Google and 2 more 6 Iphone Os, Safari, Ubuntu Linux and 3 more 2025-04-11 N/A
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
CVE-2011-1098 2 Gentoo, Redhat 2 Logrotate, Enterprise Linux 2025-04-11 N/A
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
CVE-2010-3876 5 Debian, Linux, Opensuse and 2 more 9 Debian Linux, Linux Kernel, Opensuse and 6 more 2025-04-11 N/A
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.
CVE-2011-1015 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-11 N/A
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
CVE-2010-0436 2 Kde, Redhat 2 Kde Sc, Enterprise Linux 2025-04-11 N/A
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
CVE-2011-1016 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
CVE-2010-0435 1 Redhat 4 Enterprise Linux, Enterprise Virtualization, Kvm and 1 more 2025-04-11 N/A
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.
CVE-2010-0382 2 Isc, Redhat 2 Bind, Enterprise Linux 2025-04-11 N/A
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.