Search Results (96 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2301 3 Google, Opensuse, Suse 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
CVE-2010-2297 3 Google, Opensuse, Suse 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more 2025-04-11 N/A
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
CVE-2010-3081 4 Linux, Redhat, Suse and 1 more 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more 2025-04-11 7.8 High
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
CVE-2010-3078 6 Canonical, Linux, Opensuse and 3 more 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more 2025-04-11 5.5 Medium
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVE-2010-2960 3 Canonical, Linux, Suse 4 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 1 more 2025-04-11 7.8 High
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
CVE-2010-2942 7 Avaya, Canonical, Linux and 4 more 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more 2025-04-11 5.5 Medium
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
CVE-2023-32182 2 Opensuse, Suse 3 Leap, Linux Enterprise High Performance Computing, Suse Linux Enterprise Desktop 2024-11-21 5.9 Medium
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.
CVE-2020-6449 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6429 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6428 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6427 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6426 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 6.5 Medium
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6424 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6422 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-19655 2 Dcraw Project, Suse 3 Dcraw, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server 2024-11-21 N/A
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
CVE-2011-4190 1 Suse 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server 2024-11-21 N/A
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).