Export limit exceeded: 16351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16351 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0397 | 2 Gstreamer, Redhat | 3 Good Plug-ins, Plug-ins, Enterprise Linux | 2025-04-09 | N/A |
| Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. | ||||
| CVE-2008-1693 | 2 Poppler, Redhat | 2 Poppler, Enterprise Linux | 2025-04-09 | N/A |
| The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | ||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2025-04-09 | 7.8 High |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||||
| CVE-2007-6388 | 2 Apache, Redhat | 6 Http Server, Certificate System, Enterprise Linux and 3 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-6601 | 4 Debian, Fedoraproject, Postgresql and 1 more | 5 Debian Linux, Fedora, Postgresql and 2 more | 2025-04-09 | N/A |
| The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | ||||
| CVE-2007-3381 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-09 | N/A |
| The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | ||||
| CVE-2007-1320 | 6 Debian, Fedoraproject, Opensuse and 3 more | 7 Debian Linux, Fedora, Fedora Core and 4 more | 2025-04-09 | N/A |
| Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | ||||
| CVE-2009-4017 | 4 Apple, Debian, Php and 1 more | 4 Mac Os X, Debian Linux, Php and 1 more | 2025-04-09 | N/A |
| PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. | ||||
| CVE-2008-1096 | 2 Imagemagick, Redhat | 3 Graphicsmagick, Imagemagick, Enterprise Linux | 2025-04-09 | N/A |
| The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. | ||||
| CVE-2006-7232 | 3 Canonical, Mysql, Redhat | 3 Ubuntu Linux, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | ||||
| CVE-2008-5077 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-09 | N/A |
| OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | ||||
| CVE-2007-0996 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | ||||
| CVE-2007-2292 | 3 Microsoft, Mozilla, Redhat | 4 Internet Explorer, Firefox, Seamonkey and 1 more | 2025-04-09 | N/A |
| CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | ||||
| CVE-2008-0596 | 2 Easy Software Products, Redhat | 3 Cups, Desktop, Enterprise Linux | 2025-04-09 | N/A |
| Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. | ||||
| CVE-2008-2383 | 2 Invisible-island, Redhat | 2 Xterm, Enterprise Linux | 2025-04-09 | N/A |
| CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. | ||||
| CVE-2008-0016 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | ||||
| CVE-2007-5000 | 7 Apache, Canonical, Fedoraproject and 4 more | 12 Http Server, Ubuntu Linux, Fedora and 9 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3476 | 2 Gd Graphics Library, Redhat | 2 Gdlib, Enterprise Linux | 2025-04-09 | N/A |
| Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | ||||
| CVE-2007-3472 | 2 Libgd, Redhat | 2 Gd Graphics Library, Enterprise Linux | 2025-04-09 | N/A |
| Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||||
| CVE-2007-4065 | 2 Redhat, Xiph.org | 2 Enterprise Linux, Libvorbis | 2025-04-09 | N/A |
| lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. | ||||