Search Results (2030 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8291 3 Artifex, Debian, Redhat 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more 2026-04-21 7.8 High
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2016-5198 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2026-04-21 8.8 High
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
CVE-2017-5030 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2026-04-21 8.8 High
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2017-5070 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2026-04-21 8.8 High
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2016-1646 6 Canonical, Debian, Google and 3 more 11 Ubuntu Linux, Debian Linux, Chrome and 8 more 2026-04-21 8.8 High
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2017-12615 4 Apache, Microsoft, Netapp and 1 more 24 Tomcat, Windows, 7-mode Transition Tool and 21 more 2026-04-21 8.1 High
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 60 Tomcat, Ubuntu Linux, Debian Linux and 57 more 2026-04-21 8.1 High
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2004-0809 8 Apache, Debian, Gentoo and 5 more 12 Http Server, Debian Linux, Linux and 9 more 2026-04-16 N/A
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2004-0750 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
CVE-2005-0750 5 Conectiva, Linux, Redhat and 2 more 8 Linux, Linux Kernel, Enterprise Linux and 5 more 2026-04-16 N/A
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
CVE-2006-2933 2 Kde, Redhat 3 Kde, Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
CVE-2005-2970 4 Apache, Canonical, Fedoraproject and 1 more 7 Http Server, Ubuntu Linux, Fedora Core and 4 more 2026-04-16 N/A
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVE-2005-0757 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
CVE-2004-1613 3 Mozilla, Redhat, Sgi 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2005-0699 4 Altlinux, Conectiva, Ethereal Group and 1 more 6 Alt Linux, Linux, Ethereal and 3 more 2026-04-16 N/A
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
CVE-2005-1268 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2026-04-16 N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2005-0109 5 Freebsd, Redhat, Sco and 2 more 9 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 6 more 2026-04-16 N/A
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
CVE-2004-1237 3 Linux, Redhat, Suse 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
CVE-2005-0156 7 Ibm, Larry Wall, Redhat and 4 more 9 Aix, Perl, Enterprise Linux and 6 more 2026-04-16 N/A
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.