Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3431 | 1 Linux-pam | 1 Linux-pam | 2023-02-12 | 1.9 LOW | N/A |
| The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. | |||||
| CVE-2010-3430 | 1 Linux-pam | 1 Linux-pam | 2023-02-12 | 4.7 MEDIUM | N/A |
| The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. | |||||
| CVE-2010-3435 | 1 Linux-pam | 1 Linux-pam | 2023-02-12 | 4.7 MEDIUM | N/A |
| The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. | |||||
| CVE-2010-3316 | 1 Linux-pam | 1 Linux-pam | 2023-02-12 | 3.3 LOW | N/A |
| The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. | |||||
| CVE-2010-3086 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
| include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. | |||||
| CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2023-02-12 | 4.3 MEDIUM | N/A |
| LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | |||||
| CVE-2010-2949 | 1 Quagga | 1 Quagga | 2023-02-12 | 5.0 MEDIUM | N/A |
| bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | |||||
| CVE-2010-3066 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
| The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. | |||||
| CVE-2010-2060 | 1 Wildbit | 1 Beanstalkd | 2023-02-12 | 7.5 HIGH | N/A |
| The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c. | |||||
| CVE-2010-1643 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.9 MEDIUM | N/A |
| mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-1639 | 1 Clamav | 1 Clamav | 2023-02-12 | 4.3 MEDIUM | N/A |
| The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. | |||||
| CVE-2010-1635 | 1 Samba | 1 Samba | 2023-02-12 | 5.0 MEDIUM | N/A |
| The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. | |||||
| CVE-2010-1162 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
| The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. | |||||
| CVE-2010-1452 | 1 Apache | 1 Http Server | 2023-02-12 | 5.0 MEDIUM | N/A |
| The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. | |||||
| CVE-2010-0415 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.6 MEDIUM | N/A |
| The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. | |||||
| CVE-2010-0437 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.8 HIGH | N/A |
| The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-0435 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2023-02-12 | 4.6 MEDIUM | N/A |
| The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | |||||
| CVE-2010-0408 | 1 Apache | 1 Http Server | 2023-02-12 | 5.0 MEDIUM | N/A |
| The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | |||||
| CVE-2010-0307 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-12 | 4.7 MEDIUM | N/A |
| The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | |||||
| CVE-2012-0860 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-02-12 | 6.2 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | |||||