852 matches found
PT-2016-3900 · Grassroots · Grassroot Dicom
Name of the Vulnerable Software and Affected Versions: Grassroots DICOM versions prior to 2.6.2 Description: The issue allows remote attackers to obtain sensitive information from process memory or cause a denial of service via an embedded JPEG-LS image with dimensions larger than the selected...
IBM Security QRadar SIEM Cross-Site Scripting Vulnerability
IBM Security QRadar SIEM is an IBM USA solution that consolidates log-sourced event data from thousands of devices and applications dispersed throughout the network. The solution stores each event in its raw form and then performs instant correlation of events to differentiate between actual...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2015-06982)
Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. An unspecified vulnerability exists in Oracle MySQL Server versions 5.5.45 and earlier and 5.6.26 and earlier. ...
Vulnerabilities of the CentOS operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The kernel-abi-whitelists-2.6.32 package on the CentOS operating system has multiple vulnerabilities. Exploiting these vulnerabilities can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
CVE-2012-5242
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the name parameter in a gettemplate action...
PT-2012-1143 · Puppet +1 · Puppet Enterprise (Pe) Users +2
Name of the Vulnerable Software and Affected Versions: Puppet versions 2.6.x through 2.6.14 Puppet versions 2.7.x through 2.7.12 Puppet Enterprise PE Users versions 1.0 through 1.2.x Puppet Enterprise PE Users versions 2.0.x through 2.5.0 Description: The issue allows remote authenticated users...
PT-2012-3357 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.22 Description: The issue is related to a double free vulnerability in the xfrm6 tunnel rcv function. This vulnerability can be exploited by remote attackers who send crafted IPv6 packets, potentially causin...
PT-2011-4840 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6 Description: The issue is related to a buffer overflow in the xfs readlink function, which can cause memory corruption and a crash, potentially allowing the execution of arbitrary code. This occurs when CONFIG XFS DEB...
DEBIAN-CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...
(CGIHTTPServer): CGI script source code disclosure
The iscgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / slash character at the beginning of the URI...
PT-2011-1487 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.34 Description: The issue is related to the socket implementation in the Linux kernel, which does not properly manage a backlog of received packets. This allows remote attackers to cause a denial of service ...
PT-2011-2420 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38-rc2 Description: The issue is related to the dvb ca ioctl function in the Linux kernel, which does not properly check the sign of a certain integer field. This oversight allows local users to potentially...
PT-2010-5202 · Microsoft · Windows Movie Maker
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Movie Maker version 2.6 Description: The issue is related to an untrusted search path vulnerability, which allows local users to gain privileges. This can be achieved by placing a Trojan horse DLL in the current working...
PT-2010-5331 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 Description: The issue is related to the do tcp setsockopt function in the Linux kernel, which does not properly restrict TCP MAXSEG aka MSS values. This allows local users to cause a denial of servic...
kernel: xfs swapext ioctl minor security issue
The xfsswapext function in fs/xfs/xfsdfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file...
kernel: sctp remote denial of service
The sctprcvootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service infinite loop via 1 an Out Of The Blue OOTB chunk or 2 a chunk of zero length...
kernel: megaraid_sas permissions in sysfs
The pollmodeio file for the megaraidsas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file...
kernel: Missing ioctl() permission checks in aacraid driver
The 1 aaccfgopen and 2 aaccompatioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges...
PHP multibyte shell escape flaw
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."...
PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal
Name of the Vulnerable Software and Affected Versions: GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier Description: The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords ...