Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3904 | 6 Canonical, Linux, Opensuse and 3 more | 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | |||||
| CVE-2013-0833 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2025-04-11 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2013-6394 | 2 Opensuse, Percona | 2 Opensuse, Xtrabackup | 2025-04-11 | 2.1 LOW | N/A |
| Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks. | |||||
| CVE-2013-1926 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2025-04-11 | 5.8 MEDIUM | N/A |
| The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. | |||||
| CVE-2013-0767 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2013-2481 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2025-04-11 | 2.9 LOW | N/A |
| Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. | |||||
| CVE-2013-2139 | 3 Cisco, Fedoraproject, Opensuse | 3 Libsrtp, Fedora, Opensuse | 2025-04-11 | 2.6 LOW | N/A |
| Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. | |||||
| CVE-2013-2064 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | |||||
| CVE-2012-2751 | 4 Debian, Opensuse, Oracle and 1 more | 4 Debian Linux, Opensuse, Http Server and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. | |||||
| CVE-2013-2482 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-11 | 6.1 MEDIUM | N/A |
| The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
| CVE-2012-5140 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader. | |||||
| CVE-2013-0765 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-4160 | 3 Linux, Opensuse, Suse | 5 Linux Kernel, Opensuse, Linux Enterprise Desktop and 2 more | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. | |||||
| CVE-2012-6303 | 2 Kth, Opensuse | 3 Snack Sound Toolkit, Wavesurfer, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file. | |||||
| CVE-2010-4258 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 6.2 MEDIUM | N/A |
| The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. | |||||
| CVE-2013-1927 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2025-04-11 | 6.8 MEDIUM | N/A |
| The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." | |||||
| CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | 7.9 HIGH | N/A |
| Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." | |||||
| CVE-2013-0782 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-3967 | 6 Canonical, Linux, Mozilla and 3 more | 14 Ubuntu Linux, Linux Kernel, Firefox and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. | |||||