38332 matches found
Arbitrary Code Execution
python is vulnerable to arbitrary code execution. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySysSetArgv API function, which could result in the addition of the current working directory to...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code excution. A flaw was found in the way SeaMonkey loaded Java LiveConnect scripts. Malicious web content could load a Java LiveConnect script in a way that would result in the plug-in object having elevated privileges, allowing it to execute Java code with...
Denial Of Service (DoS)
The kernel is vulnerable to Denial Of Service DoS. The attack is possible because a NULL pointer dereference flaw in ftraceregexlseek in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: The debugfs file system must be mounted...
Use-after-Free
Mozilla Firefox is vulnerable to use-after-free vulnerability. As it allows the processing of malformed web content, a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Denial Of Service (DoS)
The kernel package is vulnerable to Denial Of Service DoS. A divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service flaw. Flaws in OpenSSL's DTLS implementation allows a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference...
Authorization Bypass
java is vulnerable to authorization bypass. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...
Privilege Escalation
java is vulnerable to privilege escalation. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...
Denial Of Service (DoS)
The kernel vulnerable to denial of service DoS. The Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table via specially-crafted packe...
Spoofable Address Bar
Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...
Privilege Escalation
udev is vulnerable to privilege escalation. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an...
Remote Code Execution (RCE)
SeaMonkey is vulnerable to Remote Code Execution RCE. Due to a flaw found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this fl...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-craft...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...
Phishing Attacks
seamonkey is vulnerable to phishing attacks. The vulnerability exists as a web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials...
Cross-Site Scripting (XSS)
modperl is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via el/functions.jsp, el/implicit-objects.jsp and jspx/textRotate.jspx in examples/jsp2...
Arbitrary Code Execution
ghostscript is vulnerable to arbitrary code execution. A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when open...
Arbitrary Code Execution
xpdf is vulnerable to arbitrary code execution. The vulnerability exists as an attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The Linux kernel implementation of the Network File System NFS did not properly initialize the file name limit in the nfsserver data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey...
Denial Of Service (DoS)
The kernel is vulnerable to Denial Of Service DoS. Memory leaks were found on some error paths in the icmpsend function in the Linux kernel. This could, potentially, cause the network connectivity to cease...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Cross-Site Request Forgery (CSRF)
The modproxybalancer module in Apache HTTP server is vulnerable to cross-site request forgery CSRF. A remote attacker could cause a denial of service by exploiting the vulnerability if modproxybalancer is enabled and an authenticated user is targeted...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as the sendmsg function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The ext2 and ext3 filesystem code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as the dotruncate and genericfilesplicewrite functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. The vulnerability exists a web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation...
Privilege Escalation
mysql is vulnerable to privilege escalation. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction ...
Arbitrary Code Execution
xorg-x11-server is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service crash or, potentially, execute arbitrary code with root privileges on the X.Org...
Arbitrary Code Execution
seamonkey is vulnerable to arbitrary code execution. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Arbitrary Code Execution
cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...
Arbitrary Code Execution
cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...
Information Disclsoure
seamonkey is vulnerable to information disclosure. The vulnerability exists in the way SeaMonkey displayed malformed web content. A webpage containing specially-crafted content could trick a user into surrendering sensitive information...
Cross-Site Request Forgery (CSRF)
firefox is vulnerable to cross-site request forgery CSRF. A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists as a bug in the random number generator that prevented the manual seeding of the entropy pool...
CRLF Injection
php is vulnerable to CRLF Injection. A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as a denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array...
Denial Of Service (DoS)
gzip is vulnerable to denial of service DoS. The vulnerability exists in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash...
Information Disclosure
The kdebase is vulnerable to information disclosure. A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser...
Denial Of Service (DoS)
mysql is vulnerable to denial of service DoS. The vulnerability exists as MySQL allowed authenticated users to cause a denial of service crash via a NULL second argument to the strtodate function...
Information Disclosure
X.org is vulnerable to Information Disclosure. An integer overflow flaw was found in the X.org XGetPixel function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution...
Remote Code Execution (RCE)
Mozilla Thunderbird is vulnerable to Remote Code Execution RCE. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird...
Denial Of Service (DoS)
Mozilla is vulnerable to denial of service DoS. The vulnerability exists through out of bounds write in GMPDecodeData when processing large images...
Information Disclosure
Mozilla is vulnerable to information disclosure. The vulnerability exists as uninitialized memory could be read when using the WebGL copyTexSubImage method...
Denial Of Service (DoS)
The kernel-rt packages is vulnerable to denial of service DoS due to a race condition in perfeventopen...
Use-after Free
libxml2 is vulnerable to Use after free triggered by XPointer paths beginning with range-to...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages...
Memory Leaks
ImageMagick is vulnerable to memory leaks in the function AcquireMagickMemory because of an AnnotateImage error...