Vendor CVEs
Fedoraproject
All CVEs
833 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4453 | 0.00 | — | 0.00 | Oct 9, 2012 | dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | |||
| CVE-2012-4450 | 0.00 | — | 0.02 | Oct 1, 2012 | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | |||
| CVE-2012-2314 | 0.00 | — | 0.00 | Jul 3, 2012 | The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | |||
| CVE-2012-2746 | 0.00 | — | 0.01 | Jul 3, 2012 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | |||
| CVE-2012-2678 | 0.00 | — | 0.01 | Jul 3, 2012 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. | |||
| CVE-2012-0833 | 0.00 | — | 0.01 | Jul 3, 2012 | The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause… | |||
| CVE-2012-1988 | 0.00 | — | 0.03 | May 29, 2012 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating… | |||
| CVE-2011-4315 | 0.00 | — | 0.06 | Dec 8, 2011 | Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | |||
| CVE-2011-1526 | 0.00 | — | 0.04 | Jul 11, 2011 | ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read… | |||
| CVE-2011-2192 | 0.00 | — | 0.03 | Jul 7, 2011 | The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | |||
| CVE-2011-1943 | 0.00 | — | 0.00 | Jun 14, 2011 | The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||
| CVE-2011-1758 | 0.00 | — | 0.00 | May 26, 2011 | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass… | |||
| CVE-2011-1027 | 0.00 | — | 0.04 | Mar 20, 2011 | Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg… | |||
| CVE-2011-1067 | 0.00 | — | 0.01 | Feb 23, 2011 | slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using… | |||
| CVE-2011-0532 | 0.00 | — | 0.00 | Feb 23, 2011 | The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan… | |||
| CVE-2011-0022 | 0.00 | — | 0.00 | Feb 23, 2011 | The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary… | |||
| CVE-2011-0019 | 0.00 | — | 0.01 | Feb 23, 2011 | slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via… | |||
| CVE-2010-4746 | 0.00 | — | 0.02 | Feb 23, 2011 | Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2)… | |||
| CVE-2010-4744 | 0.00 | — | 0.03 | Feb 18, 2011 | Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. | |||
| CVE-2010-4743 | 0.00 | — | 0.03 | Feb 18, 2011 | Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party… | |||
| CVE-2010-3441 | 0.00 | — | 0.06 | Feb 18, 2011 | Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on… | |||
| CVE-2010-4341 | 0.00 | — | 0.00 | Jan 25, 2011 | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | |||
| CVE-2011-0495 | 0.00 | — | 0.04 | Jan 20, 2011 | Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users… | |||
| CVE-2010-4162 | 0.00 | — | 0.00 | Jan 3, 2011 | Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. | |||
| CVE-2010-3874 | 0.00 | — | 0.00 | Dec 29, 2010 | Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory… | |||
| CVE-2010-4157 | 0.00 | — | 0.01 | Dec 10, 2010 | Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. | |||
| CVE-2010-3705 | 0.00 | — | 0.02 | Nov 26, 2010 | The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last… | |||
| CVE-2010-3698 | 0.00 | — | 0.00 | Nov 26, 2010 | The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). | |||
| CVE-2010-2962 | 0.00 | — | 0.00 | Nov 26, 2010 | drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to… | |||
| CVE-2010-4169 | 0.00 | — | 0.00 | Nov 22, 2010 | Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. | |||
| CVE-2010-3702 | 0.00 | — | 0.03 | Nov 5, 2010 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an… | |||
| CVE-2010-3442 | 0.00 | — | 0.00 | Oct 4, 2010 | Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1)… | |||
| CVE-2010-2940 | 0.00 | — | 0.02 | Aug 30, 2010 | The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. | |||
| CVE-2010-1634 | 0.00 | — | 0.04 | May 27, 2010 | Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first… | |||
| CVE-2010-0751 | 0.00 | — | 0.04 | Apr 6, 2010 | The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets. | |||
| CVE-2010-0205 | 0.00 | — | 0.04 | Mar 3, 2010 | The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to… | |||
| CVE-2010-0014 | 0.00 | — | 0.01 | Jan 14, 2010 | System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's… | |||
| CVE-2009-4135 | 0.00 | — | 0.00 | Dec 11, 2009 | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | |||
| CVE-2009-2816 | 0.00 | — | 0.02 | Nov 13, 2009 | The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for… | |||
| CVE-2009-3767 | 0.00 | — | 0.03 | Oct 23, 2009 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2009-2910 | 0.00 | — | 0.00 | Oct 20, 2009 | arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | |||
| CVE-2009-3612 | 0.00 | — | 0.00 | Oct 19, 2009 | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel… | |||
| CVE-2009-2813 | 0.00 | — | 0.03 | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,… | |||
| CVE-2009-2474 | 0.00 | — | 0.01 | Aug 21, 2009 | neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate… | |||
| CVE-2009-2848 | 0.00 | — | 0.01 | Aug 18, 2009 | The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with… | |||
| CVE-2009-2625 | 0.00 | — | 0.30 | Aug 6, 2009 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via… | |||
| CVE-2009-1721 | 0.00 | — | 0.04 | Jul 31, 2009 | The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. | |||
| CVE-2009-2472 | 0.00 | — | 0.02 | Jul 22, 2009 | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin… | |||
| CVE-2009-1903 | 0.00 | — | 0.03 | Jun 3, 2009 | The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. | |||
| CVE-2009-1186 | 0.00 | — | 0.01 | Apr 17, 2009 | Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. |
- CVE-2012-4453Oct 9, 2012risk 0.00cvss —epss 0.00
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
- CVE-2012-4450Oct 1, 2012risk 0.00cvss —epss 0.02
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
- CVE-2012-2314Jul 3, 2012risk 0.00cvss —epss 0.00
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
- CVE-2012-2746Jul 3, 2012risk 0.00cvss —epss 0.01
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
- CVE-2012-2678Jul 3, 2012risk 0.00cvss —epss 0.01
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
- CVE-2012-0833Jul 3, 2012risk 0.00cvss —epss 0.01
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause…
- CVE-2012-1988May 29, 2012risk 0.00cvss —epss 0.03
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating…
- CVE-2011-4315Dec 8, 2011risk 0.00cvss —epss 0.06
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
- CVE-2011-1526Jul 11, 2011risk 0.00cvss —epss 0.04
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read…
- CVE-2011-2192Jul 7, 2011risk 0.00cvss —epss 0.03
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
- CVE-2011-1943Jun 14, 2011risk 0.00cvss —epss 0.00
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
- CVE-2011-1758May 26, 2011risk 0.00cvss —epss 0.00
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass…
- CVE-2011-1027Mar 20, 2011risk 0.00cvss —epss 0.04
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg…
- CVE-2011-1067Feb 23, 2011risk 0.00cvss —epss 0.01
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using…
- CVE-2011-0532Feb 23, 2011risk 0.00cvss —epss 0.00
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan…
- CVE-2011-0022Feb 23, 2011risk 0.00cvss —epss 0.00
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary…
- CVE-2011-0019Feb 23, 2011risk 0.00cvss —epss 0.01
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via…
- CVE-2010-4746Feb 23, 2011risk 0.00cvss —epss 0.02
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2)…
- CVE-2010-4744Feb 18, 2011risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.
- CVE-2010-4743Feb 18, 2011risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party…
- CVE-2010-3441Feb 18, 2011risk 0.00cvss —epss 0.06
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on…
- CVE-2010-4341Jan 25, 2011risk 0.00cvss —epss 0.00
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
- CVE-2011-0495Jan 20, 2011risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users…
- CVE-2010-4162Jan 3, 2011risk 0.00cvss —epss 0.00
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.
- CVE-2010-3874Dec 29, 2010risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory…
- CVE-2010-4157Dec 10, 2010risk 0.00cvss —epss 0.01
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.
- CVE-2010-3705Nov 26, 2010risk 0.00cvss —epss 0.02
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last…
- CVE-2010-3698Nov 26, 2010risk 0.00cvss —epss 0.00
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).
- CVE-2010-2962Nov 26, 2010risk 0.00cvss —epss 0.00
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to…
- CVE-2010-4169Nov 22, 2010risk 0.00cvss —epss 0.00
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
- CVE-2010-3702Nov 5, 2010risk 0.00cvss —epss 0.03
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…
- CVE-2010-3442Oct 4, 2010risk 0.00cvss —epss 0.00
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1)…
- CVE-2010-2940Aug 30, 2010risk 0.00cvss —epss 0.02
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
- CVE-2010-1634May 27, 2010risk 0.00cvss —epss 0.04
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first…
- CVE-2010-0751Apr 6, 2010risk 0.00cvss —epss 0.04
The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.
- CVE-2010-0205Mar 3, 2010risk 0.00cvss —epss 0.04
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to…
- CVE-2010-0014Jan 14, 2010risk 0.00cvss —epss 0.01
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's…
- CVE-2009-4135Dec 11, 2009risk 0.00cvss —epss 0.00
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
- CVE-2009-2816Nov 13, 2009risk 0.00cvss —epss 0.02
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for…
- CVE-2009-3767Oct 23, 2009risk 0.00cvss —epss 0.03
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof…
- CVE-2009-2910Oct 20, 2009risk 0.00cvss —epss 0.00
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
- CVE-2009-3612Oct 19, 2009risk 0.00cvss —epss 0.00
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel…
- CVE-2009-2813Sep 14, 2009risk 0.00cvss —epss 0.03
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,…
- CVE-2009-2474Aug 21, 2009risk 0.00cvss —epss 0.01
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate…
- CVE-2009-2848Aug 18, 2009risk 0.00cvss —epss 0.01
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with…
- CVE-2009-2625Aug 6, 2009risk 0.00cvss —epss 0.30
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via…
- CVE-2009-1721Jul 31, 2009risk 0.00cvss —epss 0.04
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
- CVE-2009-2472Jul 22, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin…
- CVE-2009-1903Jun 3, 2009risk 0.00cvss —epss 0.03
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
- CVE-2009-1186Apr 17, 2009risk 0.00cvss —epss 0.01
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
Page 16 of 17