Export limit exceeded: 359534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23438 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23438 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6417 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | ||||
| CVE-2007-6428 | 2 Redhat, X.org | 3 Enterprise Linux, Tog-cup, Xserver | 2026-04-23 | N/A |
| The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. | ||||
| CVE-2007-6429 | 2 Redhat, X.org | 4 Enterprise Linux, Evi, Mit-shm and 1 more | 2026-04-23 | N/A |
| Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | ||||
| CVE-2009-0844 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2026-04-23 | N/A |
| The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | ||||
| CVE-2009-2957 | 2 Redhat, Thekelleys | 2 Enterprise Linux, Dnsmasq | 2026-04-23 | N/A |
| Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | ||||
| CVE-2006-4343 | 4 Canonical, Debian, Openssl and 1 more | 5 Ubuntu Linux, Debian Linux, Openssl and 2 more | 2026-04-23 | N/A |
| The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | ||||
| CVE-2007-6120 | 3 Ethereal Group, Redhat, Wireshark | 3 Ethereal, Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||||
| CVE-2007-6110 | 2 Htdig, Redhat | 2 Htdig, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | ||||
| CVE-2007-3377 | 2 Nlnet Labs, Redhat | 2 Net Dns, Enterprise Linux | 2026-04-23 | N/A |
| Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin. | ||||
| CVE-2009-1890 | 5 Apache, Canonical, Debian and 2 more | 11 Http Server, Ubuntu Linux, Debian Linux and 8 more | 2026-04-23 | N/A |
| The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. | ||||
| CVE-2007-5393 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-23 | N/A |
| Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | ||||
| CVE-2007-5925 | 2 Mysql, Redhat | 3 Mysql, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | ||||
| CVE-2008-4770 | 2 Realvnc, Redhat | 2 Realvnc, Enterprise Linux | 2026-04-23 | N/A |
| The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." | ||||
| CVE-2009-3080 | 7 Canonical, Debian, Linux and 4 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2026-04-23 | N/A |
| Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||||
| CVE-2009-3286 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | ||||
| CVE-2009-4020 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. | ||||
| CVE-2007-0240 | 2 Redhat, Zope | 2 Rhel Cluster, Zope | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | ||||
| CVE-2007-5398 | 2 Redhat, Samba | 3 Enterprise Linux, Rhel Eus, Samba | 2026-04-23 | N/A |
| Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||||
| CVE-2007-1285 | 5 Canonical, Novell, Php and 2 more | 10 Ubuntu Linux, Suse Linux, Php and 7 more | 2026-04-23 | 7.5 High |
| The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | ||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2026-04-23 | 7.8 High |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||||