9125 matches found
CVE-2010-4533
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVE-2012-6639
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
CVE-2013-1425
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
CVE-2017-17527
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code ...
CVE-2018-7998
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...
CVE-2001-0738
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
CVE-2010-4817
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
CVE-2012-0051
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
CVE-1999-1411
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
CVE-2006-1566
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
CVE-2011-1070
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
CVE-2012-6697
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections
CVE-2018-7869
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.
CVE-1999-1048
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
CVE-2006-1772
debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which...
CVE-2012-4385
letodms 3.3.6 has CSRF via change password
CVE-2018-7874
An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-1999-1276
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
CVE-2006-1376
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
CVE-2011-4931
gpw generates shorter passwords than required
CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain...
CVE-2013-1809
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
CVE-2017-6498
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.