Total
1926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4299 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 6.0 MEDIUM | N/A |
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | |||||
CVE-2013-4485 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2023-12-10 | 4.0 MEDIUM | N/A |
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | |||||
CVE-2013-4124 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Opensuse and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | |||||
CVE-2013-4248 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | N/A |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2012-6538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 1.9 LOW | N/A |
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | |||||
CVE-2013-1978 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. | |||||
CVE-2012-0787 | 2 Augeas, Redhat | 2 Augeas, Enterprise Linux | 2023-12-10 | 3.7 LOW | N/A |
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option. | |||||
CVE-2012-0067 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2023-12-10 | 4.3 MEDIUM | N/A |
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. | |||||
CVE-2013-1774 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-12-10 | 4.0 MEDIUM | N/A |
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. | |||||
CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2023-12-10 | 1.2 LOW | N/A |
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | |||||
CVE-2013-4397 | 2 Feep, Redhat | 2 Libtar, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow. | |||||
CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 3 Enterprise Linux, Ruby, Rubygems | 2023-12-10 | 4.3 MEDIUM | N/A |
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | |||||
CVE-2011-3593 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 5.7 MEDIUM | N/A |
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. | |||||
CVE-2012-4291 | 4 Opensuse, Redhat, Sun and 1 more | 4 Opensuse, Enterprise Linux, Sunos and 1 more | 2023-12-10 | 3.3 LOW | N/A |
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | |||||
CVE-2013-4326 | 2 Lennart Poettering, Redhat | 2 Rkit, Enterprise Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2011-2517 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. | |||||
CVE-2012-3177 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. | |||||
CVE-2013-0221 | 2 Opensuse, Redhat | 2 Opensuse, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | N/A |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. | |||||
CVE-2013-1935 | 1 Redhat | 1 Enterprise Linux | 2023-12-10 | 5.7 MEDIUM | N/A |
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible. | |||||
CVE-2013-0223 | 2 Opensuse, Redhat | 2 Opensuse, Enterprise Linux | 2023-12-10 | 1.9 LOW | N/A |
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. |