Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34677 6 Citrix, Debian, Linux and 3 more 13 Hypervisor, Debian Linux, Linux Kernel and 10 more 2025-04-11 5.5 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
CVE-2022-46173 1 Elrond 1 Elrond Go 2025-04-11 7.2 High
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50.
CVE-2022-34670 6 Citrix, Debian, Linux and 3 more 13 Hypervisor, Debian Linux, Linux Kernel and 10 more 2025-04-11 7.8 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
CVE-2024-43280 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
CVE-2021-4287 1 Microsoft 1 Binwalk 2025-04-11 5 Medium
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.
CVE-2023-49091 1 Cosmos-cloud 1 Cosmos Server 2025-04-11 8.8 High
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.
CVE-2022-48198 2 Ntpd Driver Project, Openrobotics 2 Ntpd Driver, Robot Operating System 2025-04-11 9.8 Critical
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
CVE-2021-30501 3 Fedoraproject, Redhat, Upx 3 Fedora, Enterprise Linux, Upx 2025-04-11 5.5 Medium
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
CVE-2019-20051 2 Fedoraproject, Upx 2 Fedora, Upx 2025-04-11 5.5 Medium
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
CVE-2021-46179 1 Upx 1 Upx 2025-04-11 6.5 Medium
Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
CVE-2013-2104 2 Openstack, Redhat 2 Python-keystoneclient, Openstack 2025-04-11 N/A
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
CVE-2010-2233 1 Libtiff 1 Libtiff 2025-04-11 N/A
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
CVE-2006-7243 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
CVE-2010-0628 1 Mit 1 Kerberos 5 2025-04-11 N/A
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
CVE-2010-1087 3 Debian, Linux, Redhat 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-11 N/A
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
CVE-2009-4272 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 4 more 2025-04-11 7.5 High
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
CVE-2012-3489 6 Apple, Canonical, Debian and 3 more 10 Mac Os X Server, Ubuntu Linux, Debian Linux and 7 more 2025-04-11 6.5 Medium
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2010-3322 1 Splunk 1 Splunk 2025-04-11 8.8 High
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
CVE-2010-2798 8 Avaya, Canonical, Debian and 5 more 17 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 14 more 2025-04-11 7.8 High
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
CVE-2010-1437 5 Debian, Linux, Opensuse and 2 more 8 Debian Linux, Linux Kernel, Opensuse and 5 more 2025-04-11 7.0 High
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.