Search Results (16500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2746 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2025-04-11 N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
CVE-2013-2067 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-11 N/A
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CVE-2013-2064 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2025-04-11 N/A
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
CVE-2012-0248 4 Canonical, Debian, Imagemagick and 1 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2025-04-11 5.5 Medium
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVE-2013-2053 2 Redhat, Xelerance 2 Enterprise Linux, Openswan 2025-04-11 N/A
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
CVE-2012-0118 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
CVE-2012-0583 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
CVE-2013-2051 1 Redhat 1 Enterprise Linux 2025-04-11 N/A
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
CVE-2011-4745 2 Parallels, Redhat 2 Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files.
CVE-2013-1713 2 Mozilla, Redhat 6 Firefox, Seamonkey, Thunderbird and 3 more 2025-04-11 N/A
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.
CVE-2010-4020 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-11 N/A
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
CVE-2012-2318 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
CVE-2012-1945 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
CVE-2013-1714 2 Mozilla, Redhat 6 Firefox, Seamonkey, Thunderbird and 3 more 2025-04-11 N/A
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2013-1718 2 Mozilla, Redhat 6 Firefox, Seamonkey, Thunderbird and 3 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-2004 2 Redhat, X 2 Enterprise Linux, Libx11 2025-04-11 N/A
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.
CVE-2013-2001 2 Redhat, X 2 Enterprise Linux, Libxxf86vm 2025-04-11 N/A
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
CVE-2013-1997 2 Redhat, X 2 Enterprise Linux, Libx11 2025-04-11 N/A
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
CVE-2013-1995 2 Redhat, X.org 2 Enterprise Linux, Libxi 2025-04-11 N/A
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
CVE-2013-1994 3 Openchrome, Redhat, X 4 Openchrome, Enterprise Linux, Libchromexvmc and 1 more 2025-04-11 N/A
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.