Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1006 | 1 Balbir Singh | 1 Libcgroup | 2023-02-12 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2011-0713 | 1 Wireshark | 1 Wireshark | 2023-02-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. | |||||
| CVE-2011-1012 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
| The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table. | |||||
| CVE-2011-1016 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 1.9 LOW | N/A |
| The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. | |||||
| CVE-2011-0717 | 1 Redhat | 1 Network Satellite Server | 2023-02-12 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk. | |||||
| CVE-2011-1003 | 1 Clamav | 1 Clamav | 2023-02-12 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1002 | 1 Avahi | 1 Avahi | 2023-02-12 | 5.0 MEDIUM | N/A |
| avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. | |||||
| CVE-2011-0707 | 1 Gnu | 1 Mailman | 2023-02-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. | |||||
| CVE-2011-0706 | 2 Redhat, Sun | 2 Icedtea-web, Jdk | 2023-02-12 | 7.5 HIGH | N/A |
| The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | |||||
| CVE-2011-0013 | 1 Apache | 1 Tomcat | 2023-02-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | |||||
| CVE-2011-0712 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. | |||||
| CVE-2009-4274 | 1 Netpbm | 1 Netpbm | 2023-02-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. | |||||
| CVE-2009-4273 | 1 Systemtap | 1 Systemtap | 2023-02-12 | 10.0 HIGH | N/A |
| stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | |||||
| CVE-2009-2902 | 1 Apache | 1 Tomcat | 2023-02-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. | |||||
| CVE-2009-4272 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 7.8 HIGH | N/A |
| A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | |||||
| CVE-2009-4032 | 1 Cacti | 1 Cacti | 2023-02-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php. | |||||
| CVE-2009-3553 | 1 Apple | 1 Cups | 2023-02-12 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3892 | 1 Bestpractical | 1 Rt | 2023-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields. | |||||
| CVE-2009-3624 | 1 Linux | 2 Kernel, Linux Kernel | 2023-02-12 | 4.6 MEDIUM | N/A |
| The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. | |||||
| CVE-2009-3722 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.1 HIGH | N/A |
| The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application. | |||||