Total
10182 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0618 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2013-1798 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.2 MEDIUM | N/A |
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. | |||||
CVE-2011-1476 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer. | |||||
CVE-2011-1021 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 3.6 LOW | N/A |
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347. | |||||
CVE-2010-2219 | 3 Adobe, Linux, Microsoft | 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors. | |||||
CVE-2013-2977 | 3 Ibm, Linux, Microsoft | 3 Lotus Notes, Linux Kernel, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q. | |||||
CVE-2012-6538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | |||||
CVE-2011-2184 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. | |||||
CVE-2011-2782 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 4.3 MEDIUM | N/A |
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2010-2298 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 10.0 HIGH | N/A |
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls. | |||||
CVE-2013-0899 | 6 Apple, Google, Linux and 3 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2025-04-11 | 5.0 MEDIUM | N/A |
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | |||||
CVE-2010-4249 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. | |||||
CVE-2010-1556 | 3 Hp, Linux, Microsoft | 4 Hp-ux, Systems Insight Manager, Linux Kernel and 1 more | 2025-04-11 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. | |||||
CVE-2012-3364 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields. | |||||
CVE-2013-7264 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
CVE-2011-4913 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | 7.8 HIGH | N/A |
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. | |||||
CVE-2010-4169 | 4 Fedoraproject, Linux, Opensuse and 1 more | 6 Fedora, Linux Kernel, Opensuse and 3 more | 2025-04-11 | 4.9 MEDIUM | N/A |
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. | |||||
CVE-2012-6537 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. | |||||
CVE-2012-2384 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. | |||||
CVE-2011-1192 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |