Export limit exceeded: 16295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16295 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7308 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. | ||||
| CVE-2017-3539 | 3 Debian, Oracle, Redhat | 15 Debian Linux, Jdk, Jre and 12 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | ||||
| CVE-2017-13084 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||||
| CVE-2014-4616 | 5 Opensuse, Opensuse Project, Python and 2 more | 8 Opensuse, Opensuse, Python and 5 more | 2025-04-20 | 5.9 Medium |
| Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | ||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2025-04-20 | 8.8 High |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | ||||
| CVE-2017-7679 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Core Services and 2 more | 2025-04-20 | N/A |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | ||||
| CVE-2017-13086 | 7 Canonical, Debian, Freebsd and 4 more | 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||||
| CVE-2017-9077 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | 7.8 High |
| The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | ||||
| CVE-2016-7545 | 3 Fedoraproject, Redhat, Selinux Project | 9 Fedora, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-20 | N/A |
| SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | ||||
| CVE-2017-15289 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-20 | 6.0 Medium |
| The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | ||||
| CVE-2017-1000376 | 4 Debian, Libffi Project, Oracle and 1 more | 6 Debian Linux, Libffi, Peopletools and 3 more | 2025-04-20 | 7.0 High |
| libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | ||||
| CVE-2017-9953 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2025-04-20 | N/A |
| There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2016-10002 | 3 Debian, Redhat, Squid-cache | 3 Debian Linux, Enterprise Linux, Squid | 2025-04-20 | N/A |
| Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. | ||||
| CVE-2017-8386 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-04-20 | N/A |
| git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | ||||
| CVE-2016-8399 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-20 | 7.0 High |
| An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. | ||||
| CVE-2017-7890 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Software Collections | 2025-04-20 | N/A |
| The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. | ||||
| CVE-2017-7551 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-20 | N/A |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | ||||
| CVE-2016-5018 | 6 Apache, Canonical, Debian and 3 more | 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more | 2025-04-20 | 9.1 Critical |
| In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | ||||
| CVE-2017-8422 | 2 Kde, Redhat | 3 Kauth, Kdelibs, Enterprise Linux | 2025-04-20 | N/A |
| KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | ||||
| CVE-2017-11166 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-20 | N/A |
| The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. | ||||