DEBIAN-CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact...

CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact...

CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact...

CVE-2012-1111

CVE-2012-1111 affects lightdm prior to 1.0.9. The issue is failure to properly close file descriptors before starting a child process, allowing local users to write to the lightdm log (and other unspecified impact). Remediation: upgrade to lightdm 1.0.9 or later (patches addressing this flaw). If...

CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact...

DEBIAN-CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors or 2 cause a denial of service disconnect via multiple messages that combine to have...

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors or 2 cause a denial of service disconnect via multiple messages that combine to have...

CVE-2014-3636

CVE-2014-3636 affects D-Bus 1.3.0–1.6.x before 1.6.24 and 1.8.x before 1.8.8. Local attackers can cause a denial of service by (1) queuing the maximum number of file descriptors to prevent new connections and drop existing ones, or (2) triggering a disconnect via multiple messages that exceed the...

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors or 2 cause a denial of service disconnect via multiple messages that combine to have...

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors or 2 cause a denial of service disconnect via multiple messages that combine to have...

libxml2: Denial of service

Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...

Amazon Linux AMI : libxml2 (ALAS-2014-341)

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that...

DEBIAN-CVE-2012-6110

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

CVE-2012-6110

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

Open redirect

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

UBUNTU-CVE-2012-6110

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

CVE-2012-6110

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

CVE-2012-6110

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...

USN-2352-1: DBus vulnerabilities

Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)

Simon McVittie reports : Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...