Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | |||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | |||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-11-21 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | |||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | |||||
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | |||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | |||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | |||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | |||||
| CVE-2010-3844 | 2 Debian, Ettercap-project | 2 Debian Linux, Ettercap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | |||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||||