Search Results (2146 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3983 2 Fedora, Redhat 2 Pacemaker Configuration System, Enterprise Linux 2025-04-12 N/A
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types.
CVE-2014-8165 2 Powerpc-utils Project, Redhat 2 Powerpc-utils, Enterprise Linux 2025-04-12 N/A
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2014-8143 1 Samba 1 Samba 2025-04-12 N/A
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
CVE-2015-6254 2 Picketlink, Redhat 2 Picketlink, Jboss Enterprise Application Platform 2025-04-12 6.3 Medium
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
CVE-2014-3251 2 Puppet, Puppetlabs 2 Puppet Enterprise, Mcollective 2025-04-12 N/A
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
CVE-2015-2704 2 Realmd Project, Redhat 2 Realmd, Enterprise Linux 2025-04-12 N/A
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.
CVE-2013-7397 2 Async-http-client Project, Redhat 5 Async-http-client, Jboss Bpms, Jboss Brms and 2 more 2025-04-12 N/A
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.
CVE-2016-2309 1 Irz 1 Ruh2 2025-04-12 N/A
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2017-20146 1 Gorillatoolkit 1 Handlers 2025-04-11 9.8 Critical
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
CVE-2020-36563 1 Robotsandpencils 1 Go-saml 2025-04-11 5.3 Medium
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
CVE-2014-0022 2 Baseurl, Redhat 2 Yum, Enterprise Linux 2025-04-11 N/A
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
CVE-2012-4193 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2025-04-11 N/A
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
CVE-2011-3072 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
CVE-2011-0025 1 Redhat 1 Icedtea 2025-04-11 N/A
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
CVE-2011-3067 2 Apple, Google 3 Iphone Os, Safari, Chrome 2025-04-11 N/A
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
CVE-2011-3056 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2025-04-11 N/A
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
CVE-2011-2856 1 Google 1 Chrome 2025-04-11 N/A
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2011-3956 1 Google 1 Chrome 2025-04-11 N/A
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
CVE-2011-3965 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2022-42267 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2025-04-10 7 High
NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.