Lucene search

11 matches found

CVE
added 2018/11/12 3:00 p.m. | 143 views

CVE-2018-19200

CVE-2018-19200 affects the uriparser library prior to 0.9.0. The vulnerability arises from UriCommon.c handling NULL input, allowing an operation on NULL input via a uriResetUri* function. Public advisories indicate this has been fixed in uriparser 0.9.0 and related security updates across severa...

CVSS 7.5 | AI score 8.2 | EPSS 0.02484

CVE
added 2015/04/21 10:00 a.m. | 131 views

CVE-2015-2041

CVE-2015-2041 affects Unity Linux kernels (20.1050e/20.1060e/20.1070e) where the Linux kernel before 3.19 contains an error in net/llc/sysctl_net_llc.c using an incorrect data type in a sysctl table. This local information-disclosure flaw allows an unprivileged local user to read potentially sens...

CVSS 4.6 | AI score 5.8 | EPSS 0.00472

CVE
added 2014/02/05 7:00 p.m. | 93 views

CVE-2011-4613

The CVE-2011-4613 issue affects the X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux, where input TTY verification can bypass access restrictions by misinterpreting stdin as the console TTY. This is a local vulnerability that could allow bypassing restrictions during X sta...

CVSS 4.6 | AI score 6 | EPSS 0.00862

CVE
added 2015/05/27 10:00 a.m. | 88 views

CVE-2015-3332

CVE-2015-3332 affects the Linux kernel TCP Fast Open code before 3.18, where a count is not correctly maintained, allowing a local user to crash the system (DoS) via the Fast Open feature. Demonstrated on certain 3.10.x–3.16.x kernels by visiting chrome://flags/#enable-tcp-fast-open. The issue is...

CVSS 4.9 | AI score 6.3 | EPSS 0.00381

CVE
added 2014/03/14 3:00 p.m. | 86 views

CVE-2013-6474

CVE-2013-6474 is a heap-based buffer overflow in the pdftoopvp filter within CUPS/cups-filters that allows remote code execution via a crafted PDF. Affected: cups-filters (and CUPS components) prior to version 1.0.47. Impact: arbitrary code execution with lp user privileges as described in the CV...

CVSS 6.8 | AI score 7.7 | EPSS 0.03072

CVE
added 2007/12/18 12:00 a.m. | 81 views

CVE-2007-6418

CVE-2007-6418 (Debian - dspam): The Debian-provided CRON script for dspam uses the MySQL backend and exposes the dspam password on the command line, enabling a local attacker to read the password and potentially access the dspam database (e-mails, etc.). The issue is fixed in Debian etch via dspa...

CVSS 2.1 | AI score 6.2 | EPSS 0.00346

CVE
added 2014/03/14 3:00 p.m. | 77 views

CVE-2013-6475

CVE-2013-6475 affects cups-filters (pdftoopvp filter). The connected advisories describe memory handling vulnerabilities in cups-filters that could allow a remote attacker to execute arbitrary code via crafted input, due to issues in the pdftoopvp filter (and related filters like urftopdf). Impac...

CVSS 6.8 | AI score 7.5 | EPSS 0.03219

CVE
added 2011/03/25 7:00 p.m. | 72 views

CVE-2011-1400

The CVE-2011-1400 issue affects the tex-common package, where the default shell_escape_commands setting in conf/texmf.d/95NonPath.cnf could allow remote code execution via a crafted TeX document. Affected distributions include Debian GNU/Linux squeeze and Ubuntu 10.04/10.10, with tex-common befor...

CVSS 6.8 | AI score 7.5 | EPSS 0.04061

CVE
added 2012/08/07 7:00 p.m. | 72 views

CVE-2012-2317

CVE-2012-2317 concerns a vulnerability in the Debian/Ubuntu patch for PHP 5.3.x where an empty salt string is not handled properly by the crypt() password hashing path. This could let remote attackers bypass authentication if an application relies on PHP’s crypt() salt selection. Affected package...

CVSS 4.3 | AI score 7.2 | EPSS 0.02456

CVE
added 2014/03/14 3:00 p.m. | 72 views

CVE-2013-6476

CVE-2013-6476 affects cups-filters (pdftoopvp filter) and its OPVPWrapper.cxx path handling. The root cause is that the pdftoopvp filter did not restrict driver directories, allowing a local attacker to place a Trojan horse driver in the same directory as the PDF to gain privileges. The vulnerabi...

CVSS 4.4 | AI score 6.2 | EPSS 0.00314

CVE
added 2009/05/06 5:00 p.m. | 65 views

CVE-2009-1573

What is affected. xvfb-run 1.6.1 (Debian/Ubuntu/Fedora and possibly other OSes) has the flaw. The root cause described in the CVE context is that the X11 magic cookie (MCOOKIE) is exposed on the command line, which can be discovered by local users. Impact. Local privilege escalation by listing th...

CVSS 4.6 | AI score 6.5 | EPSS 0.00456