Total
8865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4074 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 1.9 LOW | N/A |
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. | |||||
CVE-2010-2941 | 7 Apple, Canonical, Debian and 4 more | 13 Cups, Mac Os X, Mac Os X Server and 10 more | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | |||||
CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
CVE-2011-4107 | 3 Debian, Fedoraproject, Phpmyadmin | 3 Debian Linux, Fedora, Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | |||||
CVE-2011-0474 | 2 Debian, Google | 3 Debian Linux, Chrome, Chrome Os | 2024-02-28 | 10.0 HIGH | N/A |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2010-2497 | 3 Apple, Debian, Freetype | 3 Mac Os X, Debian Linux, Freetype | 2024-02-28 | 6.8 MEDIUM | N/A |
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
CVE-2011-2749 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2024-02-28 | 7.8 HIGH | N/A |
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. | |||||
CVE-2011-3892 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. | |||||
CVE-2011-0779 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension. | |||||
CVE-2012-0444 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-28 | 10.0 HIGH | N/A |
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | |||||
CVE-2011-4862 | 8 Debian, Fedoraproject, Freebsd and 5 more | 10 Debian Linux, Fedora, Freebsd and 7 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | |||||
CVE-2011-0762 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 4.0 MEDIUM | N/A |
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | |||||
CVE-2010-3705 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 8.3 HIGH | N/A |
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. | |||||
CVE-2010-0159 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | |||||
CVE-2011-4362 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. | |||||
CVE-2011-3905 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2010-2959 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-02-28 | 7.2 HIGH | N/A |
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. | |||||
CVE-2010-4164 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2024-02-28 | 7.8 HIGH | N/A |
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. | |||||
CVE-2010-1086 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. | |||||
CVE-2011-2501 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. |