Search Results (770 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 42 Cassandra, Ubuntu Linux, Debian Linux and 39 more 2026-04-22 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 16 Ubuntu Linux, Firefox, Firefox Os and 13 more 2026-04-22 8.8 High
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more 2026-04-21 7.5 High
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2015-2590 6 Canonical, Debian, Opensuse and 3 more 25 Ubuntu Linux, Debian Linux, Opensuse and 22 more 2026-04-21 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
CVE-2017-8291 3 Artifex, Debian, Redhat 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more 2026-04-21 7.8 High
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2017-12615 4 Apache, Microsoft, Netapp and 1 more 24 Tomcat, Windows, 7-mode Transition Tool and 21 more 2026-04-21 8.1 High
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 60 Tomcat, Ubuntu Linux, Debian Linux and 57 more 2026-04-21 8.1 High
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2023-3972 1 Redhat 23 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 20 more 2026-04-06 7.8 High
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
CVE-2023-5157 3 Fedoraproject, Mariadb, Redhat 17 Fedora, Mariadb, Enterprise Linux and 14 more 2026-03-18 7.5 High
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
CVE-2023-5455 3 Fedoraproject, Freeipa, Redhat 25 Fedora, Freeipa, Codeready Linux Builder and 22 more 2026-03-18 6.5 Medium
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
CVE-2016-9446 3 Fedoraproject, Gstreamer, Redhat 9 Fedora, Gstreamer, Enterprise Linux and 6 more 2026-03-17 7.5 High
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2015-0797 6 Debian, Gstreamer, Linux and 3 more 16 Debian Linux, Gstreamer, Linux Kernel and 13 more 2026-03-17 N/A
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
CVE-2017-5848 3 Debian, Gstreamer, Redhat 9 Debian Linux, Gstreamer, Enterprise Linux and 6 more 2026-03-17 7.5 High
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
CVE-2023-5869 2 Postgresql, Redhat 27 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 24 more 2026-03-11 8.8 High
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CVE-2023-5870 2 Postgresql, Redhat 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more 2026-03-02 2.2 Low
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
CVE-2024-1062 2 Fedoraproject, Redhat 16 Fedora, 389 Directory Server, Directory Server and 13 more 2026-02-25 5.5 Medium
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
CVE-2023-5633 2 Linux, Redhat 23 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more 2026-02-25 7.8 High
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
CVE-2023-46848 2 Redhat, Squid-cache 6 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus and 3 more 2026-02-25 8.6 High
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
CVE-2023-46847 2 Redhat, Squid-cache 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more 2026-02-25 8.6 High
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2023-46846 2 Redhat, Squid-cache 13 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 10 more 2026-02-25 9.3 Critical
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.