Total
1926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
CVE-2013-2561 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2023-12-10 | 6.3 MEDIUM | N/A |
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. | |||||
CVE-2012-1097 | 3 Linux, Redhat, Suse | 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. | |||||
CVE-2012-6545 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 1.9 LOW | N/A |
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||||
CVE-2013-2051 | 1 Redhat | 1 Enterprise Linux | 2023-12-10 | 2.6 LOW | N/A |
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887. | |||||
CVE-2013-4288 | 4 Canonical, Opensuse, Polkit Project and 1 more | 4 Ubuntu Linux, Opensuse, Polkit and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. | |||||
CVE-2013-1862 | 5 Apache, Canonical, Opensuse and 2 more | 11 Http Server, Ubuntu Linux, Opensuse and 8 more | 2023-12-10 | 5.1 MEDIUM | N/A |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. | |||||
CVE-2012-6546 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 1.9 LOW | N/A |
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
CVE-2013-4342 | 2 Redhat, Xinetd | 2 Enterprise Linux, Xinetd | 2023-12-10 | 7.6 HIGH | N/A |
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. | |||||
CVE-2012-0042 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2023-12-10 | 2.9 LOW | N/A |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. | |||||
CVE-2011-4097 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | |||||
CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2023-12-10 | 5.6 MEDIUM | N/A |
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||||
CVE-2012-2665 | 5 Apache, Canonical, Debian and 2 more | 11 Openoffice, Ubuntu Linux, Debian Linux and 8 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. | |||||
CVE-2012-6542 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 1.9 LOW | N/A |
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. | |||||
CVE-2013-2015 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-12-10 | 4.7 MEDIUM | N/A |
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. | |||||
CVE-2013-1913 | 3 Gimp, Gnome, Redhat | 3 Gimp, Glib, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. | |||||
CVE-2012-4290 | 4 Opensuse, Redhat, Sun and 1 more | 4 Opensuse, Enterprise Linux, Sunos and 1 more | 2023-12-10 | 3.3 LOW | N/A |
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. | |||||
CVE-2013-4332 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. | |||||
CVE-2013-1855 | 2 Redhat, Rubyonrails | 3 Enterprise Linux, Rails, Ruby On Rails | 2023-12-10 | 4.3 MEDIUM | N/A |
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. | |||||
CVE-2011-1182 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2023-12-10 | 3.6 LOW | N/A |
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. |