Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0264 | 3 Ibm, Redhat, Suse | 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more | 2025-04-12 | 6.8 MEDIUM | 5.6 MEDIUM |
| Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-0413 | 3 Canonical, Oracle, Suse | 4 Ubuntu Linux, Jdk, Jre and 1 more | 2025-04-12 | 1.9 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. | |||||
| CVE-2015-2737 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | 10.0 HIGH | N/A |
| The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | |||||
| CVE-2010-2301 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762. | |||||
| CVE-2011-1585 | 2 Linux, Suse | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | 3.3 LOW | N/A |
| The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. | |||||
| CVE-2010-2495 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. | |||||
| CVE-2010-1770 | 6 Apple, Canonical, Google and 3 more | 12 Mac Os X, Mac Os X Server, Safari and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | |||||
| CVE-2010-2942 | 6 Avaya, Canonical, Linux and 3 more | 13 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 10 more | 2025-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | |||||
| CVE-2011-3026 | 4 Apple, Google, Opensuse and 1 more | 7 Iphone Os, Mac Os X, Mac Os X Server and 4 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | |||||
| CVE-2010-2537 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2025-04-11 | 6.6 MEDIUM | 7.1 HIGH |
| The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | |||||
| CVE-2010-2066 | 4 Canonical, Linux, Suse and 1 more | 6 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 3 more | 2025-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | |||||
| CVE-2012-5830 | 6 Apple, Canonical, Mozilla and 3 more | 15 Mac Os X, Ubuntu Linux, Firefox and 12 more | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | |||||
| CVE-2010-3078 | 5 Canonical, Linux, Opensuse and 2 more | 6 Ubuntu Linux, Linux Kernel, Opensuse and 3 more | 2025-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | |||||
| CVE-2010-3881 | 3 Linux, Redhat, Suse | 6 Linux Kernel, Enterprise Linux Server, Enterprise Linux Workstation and 3 more | 2025-04-11 | 2.1 LOW | N/A |
| arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. | |||||
| CVE-2010-2960 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | |||||
| CVE-2010-2302 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771. | |||||
| CVE-2010-2297 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | |||||
| CVE-2010-2524 | 4 Canonical, Linux, Suse and 1 more | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more | 2025-04-11 | 4.6 MEDIUM | 7.8 HIGH |
| The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | |||||
| CVE-2010-2798 | 7 Avaya, Canonical, Debian and 4 more | 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2025-04-11 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||