Search Results (1252 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10661 3 Debian, Linux, Redhat 12 Debian Linux, Linux Kernel, Enterprise Linux and 9 more 2025-04-20 7.0 High
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVE-2016-9840 9 Apple, Boost, Canonical and 6 more 27 Iphone Os, Mac Os X, Tvos and 24 more 2025-04-20 8.8 High
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-7895 3 Debian, Linux, Redhat 10 Debian Linux, Linux Kernel, Enterprise Linux and 7 more 2025-04-20 9.8 Critical
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
CVE-2017-5461 2 Mozilla, Redhat 7 Network Security Services, Enterprise Linux, Rhel Aus and 4 more 2025-04-20 N/A
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
CVE-2017-1000366 8 Debian, Gnu, Mcafee and 5 more 26 Debian Linux, Glibc, Web Gateway and 23 more 2025-04-20 N/A
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVE-2017-8824 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Mrg and 6 more 2025-04-20 7.8 High
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVE-2017-15265 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Enterprise Mrg and 4 more 2025-04-20 7.0 High
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
CVE-2017-2636 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2025-04-20 7.0 High
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
CVE-2016-9147 2 Isc, Redhat 6 Bind, Enterprise Linux, Rhel Aus and 3 more 2025-04-20 N/A
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
CVE-2024-33871 2 Artifex, Redhat 7 Ghostscript, Enterprise Linux, Rhel Aus and 4 more 2025-04-16 8.8 High
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
CVE-2022-47629 3 Debian, Gnupg, Redhat 9 Debian Linux, Libksba, Enterprise Linux and 6 more 2025-04-16 9.8 Critical
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
CVE-2022-45405 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.5 Medium
Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45404 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.5 Medium
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45403 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.5 Medium
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-46882 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 9.8 Critical
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46871 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Enterprise Linux and 4 more 2025-04-15 8.8 High
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
CVE-2022-45421 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 8.8 High
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45420 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.5 Medium
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45418 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.1 Medium
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45416 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-15 6.5 Medium
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.