38062 matches found
Denial Of Service (DoS)
kernel is vulnerabel to denial of service. Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service...
Arbitrary Code Execution
gimp is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause...
Remote Code Execution (RCE)
Mozilla Thunderbird is vulnerable to remote code execution RCE. A flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through missing validations of null-terminated string data structure elements in the doreplace, compatdoreplace, doiptgetctl, doip6tgetctl, and doarptgetctl functions could allow a local user who has the CAPNETADMIN capabili...
Information Disclosure
Kernel is vulnerable to information disclosure. The attack is possible because a flaw in the dccprcvstateprocess function could allow a remote attacker to cause a denial of service, even when the socket was already closed...
Denial Of Service (DoS)
avahi is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Avahi daemon avahi-daemon processed multicast DNS mDNS packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the Generic Receive Offload GRO functionality in the Linux kernel's networking implementation. If both GRO and promiscuous mode were enabled on an interface in a virtual LAN VLAN, it could result in a denial o...
Denial Of Service (DoS)
The kernel package is vulnerable to denial of service DpS. Due to a flaw in the dvbcaioctl function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in fixuppagefault in the Xen hypervisor implementation. If a 64-bit para-virtualized guest accessed a certain area of memory, it could cause a denial of service on the host system running the Xen hyperviso...
Denial Of Service (DoS)
kernel is vulnearble to denial of service. A flaw was found in the Linux kernel execve system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM Out of Memory killer, triggering a denial of service...
Information Disclosure
kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...
Unauthenticated Access
pki allows unauthenticated access. The certificate authority allowed unauthenticated users to request the one-time PIN in an SCEP request to be decrypted. An attacker able to sniff an SCEP request from a network device could request the certificate authority to decrypt the request, allowing them ...
Information Disclosure
kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...
Privilege Escalation
firefox is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the way Firefox handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog b...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request...
Use-after-free
WebKitGTK+ is vulnerable to use-after-free. It is possible for a remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...
Cross-Site Scripting (XSS)
firefox is vulnerable to cross-site scripting. A cross-site scripting XSS flaw was found in the Firefox x-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were converted to angle brackets when displayed. If server-side script filtering missed these cases, it could...
Denial Of Service (DoS)
Samba vulnerable to Denial Of Service DoS. Due to an input sanitization flaw in the way Samba parsed client data, a malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server smbd...
Cross-site Scripting (XSS)
firefox is vulnerable to cross-site scripting XSS. The vulnerability exists as a web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website...
Arbitrary Code Execution
firefox/thunderbird/seamonkey is vulnerable to arbitrary code execution. Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running...
Arbitary Code Execution
krb5 is vulnerable to arbitrary code execution. Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center KDC decrypted ciphertexts encrypted with the Advanced Encryption Standard AES and ARCFOUR RC4 encryption algorithms. I...
Authorization Bypass
kernel is vulnerable to authorization bypass. The vulnerability exists as a missing check was found in the mextcheckarguments function in the ext4 file system code. A local user could use this flaw to cause the MOVEEXT IOCTL to overwrite the contents of an append-only file on an ext4 file system,...
Spoofing Attack
firefox is vulnerable to spoofing attack. A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not...
Arbitrary JavaScript Code Execution
firefox is vulnerable to arbitrary javascript code execution. The vulnerability exists as a flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as an attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Use-after-Free
Mozilla Firefox is vulnerable to use-after-free vulnerability. As it allows the processing of malformed web content, a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Arbitrary Code Execution
libvorbis is vulnerable to arbitrary code execution. Multiple flaws were found in the libvorbis library. A specially-crafted Ogg Vorbis media format file Ogg could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service flaw. Flaws in OpenSSL's DTLS implementation allows a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference...
Denial Of Service (DoS)
The kernel is vulnerable to Denial Of Service DoS. A flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw in the NFSv4 implementation. Several NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it...
Cross-site Scripting (XSS)
squirrelmail is vulnerable to cross-site scripting XSS. The vulnerability exists as it was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets CSS directives used in HTML mail. A remote attacker could send a specially-crafted email that could place mail content above...
Information Disclosure
The kernel is vulnerable to Information Disclosure. Due to missing initialization flaws found in the Linux kernel, padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-craft...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. It was discovered that, when executing a new process, the clearchildtid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly...
Denial Of Service (DoS)
The kernel package is vulnerable to denial of service DoS. The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service kernel panic...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...
Phishing Attacks
seamonkey is vulnerable to phishing attacks. The vulnerability exists as a web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The Linux kernel implementation of the Network File System NFS did not properly initialize the file name limit in the nfsserver data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share...
Denial Of Service (DoS)
The kernel is vulnerable to Denial Of Service DoS. Memory leaks were found on some error paths in the icmpsend function in the Linux kernel. This could, potentially, cause the network connectivity to cease...
Denial Of Service (DoS)
bind is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that the bind packages created the "rndc.key" file with insecure file permissions. This allowed any local user to read the content of this file. A local user could use this flaw to control some aspects of t...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as the dotruncate and genericfilesplicewrite functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. The vulnerability exists a web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Privilege Escalation
mysql is vulnerable to privilege escalation. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction ...
Arbitrary Code Execution
xorg-x11-server is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service crash or, potentially, execute arbitrary code with root privileges on the X.Org...
Arbitrary Code Execution
cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...
Information Disclsoure
seamonkey is vulnerable to information disclosure. The vulnerability exists in the way SeaMonkey displayed malformed web content. A webpage containing specially-crafted content could trick a user into surrendering sensitive information...
Denial Of Service (DoS)
libpng is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened...