Search Results (3295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3188 1 Opensuse 1 Opensuse 2026-04-23 7.5 High
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
CVE-2007-1320 6 Debian, Fedoraproject, Opensuse and 3 more 7 Debian Linux, Fedora, Fedora Core and 4 more 2026-04-23 N/A
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
CVE-2008-3187 1 Opensuse 1 Zypper 2026-04-23 N/A
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
CVE-2009-2910 6 Canonical, Fedoraproject, Linux and 3 more 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more 2026-04-23 N/A
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
CVE-2009-2816 4 Apple, Fedoraproject, Google and 1 more 5 Iphone Os, Safari, Fedora and 2 more 2026-04-23 N/A
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
CVE-2009-1242 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2026-04-23 N/A
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
CVE-2009-3612 6 Canonical, Fedoraproject, Linux and 3 more 9 Ubuntu Linux, Fedora, Linux Kernel and 6 more 2026-04-23 N/A
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
CVE-2009-1185 8 Canonical, Debian, Fedoraproject and 5 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2026-04-23 N/A
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-3080 7 Canonical, Debian, Linux and 4 more 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more 2026-04-23 N/A
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2009-2472 5 Fedoraproject, Mozilla, Opensuse and 2 more 7 Fedora, Firefox, Opensuse and 4 more 2026-04-23 N/A
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
CVE-2009-1961 6 Canonical, Debian, Linux and 3 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2026-04-23 4.7 Medium
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
CVE-2009-3231 5 Canonical, Fedoraproject, Opensuse and 2 more 6 Ubuntu Linux, Fedora, Opensuse and 3 more 2026-04-23 N/A
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVE-2009-0040 7 Apple, Debian, Fedoraproject and 4 more 10 Iphone Os, Mac Os X, Debian Linux and 7 more 2026-04-23 N/A
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2008-5183 4 Apple, Debian, Opensuse and 1 more 6 Cups, Mac Os X, Mac Os X Server and 3 more 2026-04-23 7.5 High
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
CVE-2008-4636 3 Novell, Opensuse, Suse 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more 2026-04-23 N/A
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
CVE-2009-0949 6 Apple, Canonical, Debian and 3 more 8 Cups, Mac Os X, Mac Os X Server and 5 more 2026-04-23 7.5 High
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
CVE-2008-1567 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Opensuse and 1 more 2026-04-23 5.5 Medium
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2009-0310 1 Opensuse 1 Opensuse 2026-04-23 N/A
Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."
CVE-2009-0848 1 Opensuse 1 Opensuse 2026-04-23 N/A
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
CVE-2009-0834 6 Canonical, Debian, Linux and 3 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2026-04-23 N/A
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.