Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0396 1 Debian 1 Dpkg 2025-04-11 N/A
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
CVE-2013-2900 3 Debian, Google, Microsoft 3 Debian Linux, Chrome, Windows 2025-04-11 N/A
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.
CVE-2010-3298 6 Canonical, Debian, Linux and 3 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-11 N/A
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
CVE-2013-0155 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2025-04-11 N/A
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
CVE-2013-6643 6 Apple, Debian, Google and 3 more 6 Mac Os X, Debian Linux, Chrome and 3 more 2025-04-11 N/A
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
CVE-2012-4182 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0251 1 Debian 1 Latd 2025-04-11 N/A
Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.
CVE-2012-0259 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2025-04-11 6.5 Medium
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2013-4969 4 Canonical, Debian, Puppet and 1 more 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more 2025-04-11 N/A
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
CVE-2013-6890 3 Debian, Fedoraproject, Phil Schwartz 3 Debian Linux, Fedora, Denyhosts 2025-04-11 N/A
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
CVE-2012-2751 4 Debian, Opensuse, Oracle and 1 more 4 Debian Linux, Opensuse, Http Server and 1 more 2025-04-11 N/A
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
CVE-2013-2064 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2025-04-11 N/A
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
CVE-2011-3895 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 N/A
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
CVE-2012-0037 6 Apache, Debian, Fedoraproject and 3 more 14 Openoffice, Debian Linux, Fedora and 11 more 2025-04-11 6.5 Medium
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVE-2013-6645 6 Apple, Debian, Google and 3 more 6 Mac Os X, Debian Linux, Chrome and 3 more 2025-04-11 N/A
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.
CVE-2012-3982 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0031 5 Apache, Debian, Opensuse and 2 more 13 Http Server, Debian Linux, Opensuse and 10 more 2025-04-11 N/A
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
CVE-2012-0961 1 Debian 2 Advanced Package Tool, Apt 2025-04-11 N/A
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
CVE-2013-3839 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2013-0156 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2025-04-11 N/A
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.