Export limit exceeded: 10220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10220 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2104 | 2 Openstack, Redhat | 2 Python-keystoneclient, Openstack | 2025-04-11 | N/A |
| python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires. | ||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2025-04-11 | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | ||||
| CVE-2013-1824 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Enterprise Linux | 2025-04-11 | N/A |
| The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. | ||||
| CVE-2010-3411 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | N/A |
| Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors. | ||||
| CVE-2010-3322 | 1 Splunk | 1 Splunk | 2025-04-11 | 8.8 High |
| The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | ||||
| CVE-2010-0923 | 1 Kde | 1 Kde Sc | 2025-04-11 | N/A |
| Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. | ||||
| CVE-2013-2185 | 2 Apache, Redhat | 3 Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue | ||||
| CVE-2014-0020 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | ||||
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2010-0283 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | ||||
| CVE-2011-2821 | 4 Apple, Debian, Google and 1 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2025-04-11 | N/A |
| Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | ||||
| CVE-2012-4522 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Openshift, Ruby | 2025-04-11 | N/A |
| The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | ||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | ||||
| CVE-2012-3489 | 6 Apple, Canonical, Debian and 3 more | 10 Mac Os X Server, Ubuntu Linux, Debian Linux and 7 more | 2025-04-11 | 6.5 Medium |
| The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. | ||||
| CVE-2012-2110 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 5 more | 2025-04-11 | N/A |
| The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | ||||
| CVE-2010-3301 | 4 Canonical, Linux, Redhat and 1 more | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. | ||||
| CVE-2012-4399 | 1 Cakefoundation | 1 Cakephp | 2025-04-11 | 7.5 High |
| The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2010-1087 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | ||||
| CVE-2012-4413 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | ||||
| CVE-2011-3903 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||