Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 16502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (16502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 6.5 Medium
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-4052 3 Canonical, Redhat, Squid-cache 3 Ubuntu Linux, Enterprise Linux, Squid 2025-04-12 N/A
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4053 4 Canonical, Oracle, Redhat and 1 more 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more 2025-04-12 N/A
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVE-2016-5386 4 Fedoraproject, Golang, Oracle and 1 more 7 Fedora, Go, Linux and 4 more 2025-04-12 8.1 High
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2016-5418 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Enterprise Linux and 8 more 2025-04-12 N/A
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
CVE-2010-5312 7 Apache, Debian, Drupal and 4 more 7 Drill, Debian Linux, Drupal and 4 more 2025-04-12 6.1 Medium
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
CVE-2014-9620 2 File Project, Redhat 2 File, Enterprise Linux 2025-04-12 N/A
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVE-2015-1243 4 Canonical, Debian, Google and 1 more 8 Ubuntu Linux, Debian Linux, Chrome and 5 more 2025-04-12 N/A
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVE-2016-6515 3 Fedoraproject, Openbsd, Redhat 3 Fedora, Openssh, Enterprise Linux 2025-04-12 N/A
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2014-0205 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count.
CVE-2015-1805 3 Google, Linux, Redhat 8 Android, Linux Kernel, Enterprise Linux and 5 more 2025-04-12 N/A
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
CVE-2015-4493 5 Canonical, Mozilla, Opensuse and 2 more 5 Ubuntu Linux, Firefox, Opensuse and 2 more 2025-04-12 N/A
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
CVE-2014-0069 3 Linux, Redhat, Suse 11 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 8 more 2025-04-12 N/A
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVE-2015-2694 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-12 N/A
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2015-3414 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Watchos, Ubuntu Linux and 4 more 2025-04-12 N/A
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
CVE-2015-2737 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2015-2738 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2014-9402 4 Canonical, Gnu, Opensuse and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2025-04-12 N/A
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
CVE-2014-3593 2 Redhat, Scientificlinux 2 Enterprise Linux, Luci 2025-04-12 N/A
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
CVE-2015-4487 5 Canonical, Mozilla, Opensuse and 2 more 6 Ubuntu Linux, Firefox, Firefox Os and 3 more 2025-04-12 N/A
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."