Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4222 4 Canonical, Fedoraproject, Openstack and 1 more 4 Ubuntu Linux, Fedora, Keystone and 1 more 2025-04-11 N/A
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
CVE-2013-4202 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Cinder, Openstack 2025-04-11 N/A
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
CVE-2012-4187 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2025-04-11 N/A
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.
CVE-2010-2495 3 Canonical, Linux, Suse 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more 2025-04-11 N/A
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
CVE-2012-4188 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-4124 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Opensuse and 2 more 2025-04-11 N/A
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2013-4248 3 Canonical, Php, Redhat 3 Ubuntu Linux, Php, Enterprise Linux 2025-04-11 N/A
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-6393 5 Canonical, Debian, Opensuse and 2 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2025-04-11 N/A
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
CVE-2010-2498 5 Apple, Canonical, Debian and 2 more 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more 2025-04-11 N/A
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
CVE-2013-4314 2 Canonical, Jean-paul Calderone 2 Ubuntu Linux, Pyopenssl 2025-04-11 N/A
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2011-1783 6 Apache, Apple, Canonical and 3 more 6 Subversion, Mac Os X, Ubuntu Linux and 3 more 2025-04-11 N/A
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
CVE-2013-3839 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2013-5842 3 Canonical, Oracle, Redhat 12 Ubuntu Linux, Jdk, Jre and 9 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
CVE-2013-3809 5 Canonical, Mariadb, Opensuse and 2 more 8 Ubuntu Linux, Mariadb, Opensuse and 5 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
CVE-2013-3802 7 Canonical, Debian, Mariadb and 4 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
CVE-2013-1065 2 Canonical, Martin Pitt 2 Ubuntu Linux, Jockey 2025-04-11 N/A
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2012-5840 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2025-04-11 N/A
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
CVE-2013-0771 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2025-04-11 N/A
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2012-3173 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
CVE-2010-3858 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2025-04-11 N/A
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.