Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2699 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 7.5 High
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
CVE-2011-3188 3 F5, Linux, Redhat 17 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 14 more 2025-04-11 9.1 Critical
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVE-2010-2328 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.
CVE-2010-2285 1 Wireshark 1 Wireshark 2025-04-11 N/A
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
CVE-2010-2283 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
CVE-2010-2280 1 Ibm 1 Lotus Connections 2025-04-11 N/A
Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.
CVE-2010-2279 1 Ibm 1 Lotus Connections 2025-04-11 N/A
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.
CVE-2010-2278 1 Ibm 1 Lotus Connections 2025-04-11 N/A
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
CVE-2010-2274 1 Dojotoolkit 1 Dojo 2025-04-11 N/A
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
CVE-2010-1803 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.
CVE-2010-1795 1 Apple 1 Itunes 2025-04-11 N/A
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2010-1790 3 Apple, Microsoft, Redhat 8 Mac Os X, Mac Os X Server, Safari and 5 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
CVE-2010-1764 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
CVE-2010-1756 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 N/A
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
CVE-2010-1674 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2025-04-11 N/A
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
CVE-2010-1643 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.
CVE-2010-1639 1 Clamav 1 Clamav 2025-04-11 N/A
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.
CVE-2010-1635 1 Samba 1 Samba 2025-04-11 N/A
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
CVE-2010-1616 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
CVE-2010-1612 2 Ibm, Qlogic 6 Websphere Datapower B2b Appliance Xb60, Websphere Datapower Datapower Integration Appliance Xi50, Websphere Datapower Low Latency Appliance Xm70 and 3 more 2025-04-11 N/A
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address.