Search Results (4310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2661 4 Canonical, Debian, Freetype and 1 more 4 Ubuntu Linux, Debian Linux, Freetype and 1 more 2026-04-16 N/A
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
CVE-2005-0758 3 Canonical, Gnu, Redhat 3 Ubuntu Linux, Gzip, Enterprise Linux 2026-04-16 N/A
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVE-2005-3106 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-16 4.7 Medium
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
CVE-2005-2946 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2026-04-16 7.5 High
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2026-04-16 N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2005-3181 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2026-04-16 N/A
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
CVE-2006-4482 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2026-04-16 N/A
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2006-2275 3 Canonical, Lksctp, Redhat 3 Ubuntu Linux, Stream Control Transmission Protocol, Enterprise Linux 2026-04-16 7.5 High
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
CVE-2006-3747 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2026-04-16 N/A
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
CVE-2006-1727 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Mozilla Suite and 3 more 2026-04-16 N/A
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
CVE-2006-1728 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Mozilla Suite and 3 more 2026-04-16 N/A
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVE-2006-1741 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more 2026-04-16 N/A
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVE-2005-1527 3 Awstats, Canonical, Debian 3 Awstats, Ubuntu Linux, Debian Linux 2026-04-16 N/A
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVE-2006-4093 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-16 N/A
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
CVE-2004-1064 2 Canonical, Php 2 Ubuntu Linux, Php 2026-04-16 N/A
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2022-39177 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-39176 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2018-1000301 5 Canonical, Debian, Haxx and 2 more 15 Ubuntu Linux, Debian Linux, Curl and 12 more 2026-04-15 9.1 Critical
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CVE-2018-16839 4 Canonical, Debian, Haxx and 1 more 4 Ubuntu Linux, Debian Linux, Curl and 1 more 2026-04-15 N/A
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2018-16842 4 Canonical, Debian, Haxx and 1 more 6 Ubuntu Linux, Debian Linux, Curl and 3 more 2026-04-15 N/A
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.