Search Results (5376 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1320 6 Debian, Fedoraproject, Opensuse and 3 more 7 Debian Linux, Fedora, Fedora Core and 4 more 2026-04-23 N/A
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
CVE-2009-0040 7 Apple, Debian, Fedoraproject and 4 more 10 Iphone Os, Mac Os X, Debian Linux and 7 more 2026-04-23 N/A
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2006-5170 3 Debian, Fedoraproject, Redhat 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more 2026-04-23 N/A
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2026-04-23 9.8 Critical
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-6552 2 Fedoraproject, Redhat 7 Fedora, Cluster Project, Cman and 4 more 2026-04-23 N/A
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
CVE-2007-4045 3 Apple, Fedoraproject, Redhat 3 Cups, Fedora, Enterprise Linux 2026-04-23 N/A
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
CVE-2008-5983 4 Canonical, Fedoraproject, Python and 1 more 4 Ubuntu Linux, Fedora, Python and 1 more 2026-04-23 N/A
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
CVE-2008-0595 4 Fedoraproject, Freedesktop, Mandrakesoft and 1 more 4 Fedora, Dbus, Mandrake Linux and 1 more 2026-04-23 N/A
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
CVE-2008-5021 8 Canonical, Debian, Fedoraproject and 5 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2026-04-23 N/A
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2007-0455 5 Canonical, Fedoraproject, Gd Graphics Library Project and 2 more 9 Ubuntu Linux, Fedora, Gd Graphics Library and 6 more 2026-04-23 N/A
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVE-2008-4989 7 Canonical, Debian, Fedoraproject and 4 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2026-04-23 5.9 Medium
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
CVE-2010-0013 6 Adium, Fedoraproject, Opensuse and 3 more 7 Adium, Fedora, Opensuse and 4 more 2026-04-23 7.5 High
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
CVE-2008-0063 8 Apple, Canonical, Debian and 5 more 13 Mac Os X, Mac Os X Server, Ubuntu Linux and 10 more 2026-04-23 7.5 High
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2009-4135 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Coreutils 2026-04-23 N/A
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVE-2009-3767 5 Apple, Fedoraproject, Openldap and 2 more 6 Mac Os X, Fedora, Openldap and 3 more 2026-04-23 N/A
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2008-4577 5 Canonical, Dovecot, Fedoraproject and 2 more 5 Ubuntu Linux, Dovecot, Fedora and 2 more 2026-04-23 7.5 High
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2007-4000 3 Fedoraproject, Mit, Redhat 3 Fedora, Kerberos 5, Enterprise Linux 2026-04-23 N/A
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
CVE-2009-3621 7 Canonical, Fedoraproject, Linux and 4 more 10 Ubuntu Linux, Fedora, Linux Kernel and 7 more 2026-04-23 5.5 Medium
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
CVE-2009-3620 6 Canonical, Fedoraproject, Linux and 3 more 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more 2026-04-23 7.8 High
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVE-2008-3969 2 Bitlbee, Fedoraproject 2 Bitlbee, Fedora 2026-04-23 N/A
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.