Total
1993 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2765 | 2 Redhat, Sun | 4 Enterprise Linux, Iplanet Messaging Server, One Messaging Server and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | |||||
| CVE-2012-6538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
| The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2013-4296 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2025-04-11 | 4.0 MEDIUM | N/A |
| The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. | |||||
| CVE-2011-0714 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 5.7 MEDIUM | N/A |
| Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. | |||||
| CVE-2010-4805 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 7.8 HIGH | 7.5 HIGH |
| The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. | |||||
| CVE-2011-0536 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2013-2224 | 1 Redhat | 1 Enterprise Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
| A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552. | |||||
| CVE-2013-1872 | 4 Canonical, Mesa3d, Opensuse and 1 more | 4 Ubuntu Linux, Mesa, Opensuse and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. | |||||
| CVE-2024-9675 | 2 Buildah Project, Redhat | 14 Buildah, Enterprise Linux, Enterprise Linux Eus and 11 more | 2025-04-10 | N/A | 7.8 HIGH |
| A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | |||||
| CVE-2025-26600 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. | |||||
| CVE-2025-26596 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. | |||||
| CVE-2025-26601 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. | |||||
| CVE-2025-26598 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. | |||||
| CVE-2025-26599 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. | |||||
| CVE-2025-26594 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. | |||||
| CVE-2025-26597 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-04-10 | N/A | 7.8 HIGH |
| A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. | |||||
| CVE-2022-3715 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2025-04-10 | N/A | 7.8 HIGH |
| A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | |||||
| CVE-2024-2496 | 2 Debian, Redhat | 3 Debian Linux, Enterprise Linux, Libvirt | 2025-04-09 | N/A | 5.0 MEDIUM |
| A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. | |||||
| CVE-2024-2002 | 3 Fedoraproject, Libdwarf Project, Redhat | 3 Fedora, Libdwarf, Enterprise Linux | 2025-04-09 | N/A | 7.5 HIGH |
| A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. | |||||