Total
9187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2020-08-18 | 3.3 LOW | 6.5 MEDIUM |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | |||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2020-08-18 | 10.0 HIGH | 9.8 CRITICAL |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
| CVE-2013-7089 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| ClamAV before 0.97.7: dbg_printhex possible information leak | |||||
| CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2020-08-18 | 1.9 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | |||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2020-08-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
| CVE-2017-11103 | 5 Apple, Debian, Freebsd and 2 more | 6 Iphone Os, Mac Os X, Debian Linux and 3 more | 2020-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. | |||||
| CVE-2019-14438 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | |||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2020-08-18 | 4.6 MEDIUM | 7.8 HIGH |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2020-08-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2011-1934 | 2 Debian, Lilo Project | 2 Debian Linux, Lilo | 2020-08-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. | |||||
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2020-08-18 | 4.4 MEDIUM | 4.8 MEDIUM |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | |||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2020-08-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | |||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | |||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2020-08-18 | 2.6 LOW | 5.3 MEDIUM |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | |||||
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2020-08-18 | 3.3 LOW | 4.4 MEDIUM |
| In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2020-08-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
| CVE-2013-4168 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2020-08-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | |||||