Search Results (2191 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4170 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Compute Node Eus and 6 more 2025-04-12 N/A
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
CVE-2014-0178 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-12 N/A
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
CVE-2014-9065 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 N/A
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.
CVE-2014-9066 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 N/A
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.
CVE-2014-0226 4 Apache, Debian, Oracle and 1 more 9 Http Server, Debian Linux, Enterprise Manager Ops Center and 6 more 2025-04-12 N/A
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
CVE-2016-4569 4 Canonical, Linux, Novell and 1 more 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more 2025-04-12 N/A
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2015-10004 1 Json Web Token Project 1 Json Web Token 2025-04-11 7.5 High
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
CVE-2022-46173 1 Elrond 1 Elrond Go 2025-04-11 7.2 High
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50.
CVE-2022-48198 2 Ntpd Driver Project, Openrobotics 2 Ntpd Driver, Robot Operating System 2025-04-11 9.8 Critical
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
CVE-2013-4480 2 Redhat, Suse 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more 2025-04-11 N/A
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2010-4526 3 Linux, Redhat, Vmware 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
CVE-2010-0923 1 Kde 1 Kde Sc 2025-04-11 N/A
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
CVE-2013-0222 2 Opensuse, Redhat 2 Opensuse, Enterprise Linux 2025-04-11 N/A
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
CVE-2011-2482 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-11 7.5 High
A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
CVE-2013-0223 2 Opensuse, Redhat 2 Opensuse, Enterprise Linux 2025-04-11 N/A
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
CVE-2010-1087 3 Debian, Linux, Redhat 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-11 N/A
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
CVE-2010-4655 4 Canonical, Linux, Redhat and 1 more 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-11 5.5 Medium
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
CVE-2011-4348 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.
CVE-2010-0732 1 Gnome 2 Gtk, Screensaver 2025-04-11 N/A
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
CVE-2011-1258 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."