Export limit exceeded: 364860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4343 3 Linux, Redhat, Vmware 3 Linux Kernel, Enterprise Linux, Esx 2025-04-11 5.5 Medium
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
CVE-2009-4272 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 4 more 2025-04-11 7.5 High
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
CVE-2012-3489 6 Apple, Canonical, Debian and 3 more 10 Mac Os X Server, Ubuntu Linux, Debian Linux and 7 more 2025-04-11 6.5 Medium
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2006-7243 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
CVE-2013-6440 3 Internet2, Redhat, Shibboleth 10 Opensaml, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
CVE-2012-4522 2 Redhat, Ruby-lang 3 Enterprise Linux, Openshift, Ruby 2025-04-11 N/A
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
CVE-2011-5245 1 Redhat 9 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 6 more 2025-04-11 N/A
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
CVE-2012-4413 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
CVE-2012-0012 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
CVE-2013-4549 2 Digia, Qt 2 Qt, Qt 2025-04-11 N/A
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVE-2012-4399 1 Cakefoundation 1 Cakephp 2025-04-11 7.5 High
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVE-2013-4590 4 Apache, Debian, Oracle and 1 more 5 Tomcat, Debian Linux, Solaris and 2 more 2025-04-11 N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-0221 2 Opensuse, Redhat 2 Opensuse, Enterprise Linux 2025-04-11 N/A
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
CVE-2012-0870 3 Redhat, Rim, Samba 6 Enterprise Linux, Rhel Eus, Rhel Mission Critical and 3 more 2025-04-11 N/A
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
CVE-2010-0923 1 Kde 1 Kde Sc 2025-04-11 N/A
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
CVE-2012-0037 6 Apache, Debian, Fedoraproject and 3 more 14 Openoffice, Debian Linux, Fedora and 11 more 2025-04-11 6.5 Medium
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVE-2011-2821 4 Apple, Debian, Google and 1 more 9 Iphone Os, Mac Os X, Debian Linux and 6 more 2025-04-11 N/A
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
CVE-2013-2104 2 Openstack, Redhat 2 Python-keystoneclient, Openstack 2025-04-11 N/A
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
CVE-2013-2059 1 Openstack 1 Keystone 2025-04-11 N/A
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2010-2248 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions.