11 matches found
CVE-2018-19200
CVE-2018-19200 affects the uriparser library prior to 0.9.0. The vulnerability arises from UriCommon.c handling NULL input, allowing an operation on NULL input via a uriResetUri* function. Public advisories indicate this has been fixed in uriparser 0.9.0 and related security updates across severa...
CVE-2015-2041
CVE-2015-2041 affects Unity Linux kernels (20.1050e/20.1060e/20.1070e) where the Linux kernel before 3.19 contains an error in net/llc/sysctl_net_llc.c using an incorrect data type in a sysctl table. This local information-disclosure flaw allows an unprivileged local user to read potentially sens...
CVE-2011-4613
The CVE-2011-4613 issue affects the X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux, where input TTY verification can bypass access restrictions by misinterpreting stdin as the console TTY. This is a local vulnerability that could allow bypassing restrictions during X sta...
CVE-2015-3332
CVE-2015-3332 affects the Linux kernel TCP Fast Open code before 3.18, where a count is not correctly maintained, allowing a local user to crash the system (DoS) via the Fast Open feature. Demonstrated on certain 3.10.x–3.16.x kernels by visiting chrome://flags/#enable-tcp-fast-open. The issue is...
CVE-2013-6474
CVE-2013-6474 is a heap-based buffer overflow in the pdftoopvp filter within CUPS/cups-filters that allows remote code execution via a crafted PDF. Affected: cups-filters (and CUPS components) prior to version 1.0.47. Impact: arbitrary code execution with lp user privileges as described in the CV...
CVE-2007-6418
CVE-2007-6418 (Debian - dspam): The Debian-provided cron script for dspam uses the MySQL backend and exposes the dspam password on the command line, enabling a local attacker to read the password and potentially access the dspam database (e-mails, etc.). The issue is fixed in Debian etch via dspa...
CVE-2013-6475
CVE-2013-6475 affects cups-filters (pdftoopvp filter). The connected advisories describe memory handling vulnerabilities in cups-filters that could allow a remote attacker to execute arbitrary code via crafted input, due to issues in the pdftoopvp filter (and related filters like urftopdf). Impac...
CVE-2011-1400
The CVE-2011-1400 issue affects the tex-common package, where the default shell_escape_commands setting in conf/texmf.d/95NonPath.cnf could allow remote code execution via a crafted TeX document. Affected distributions include Debian GNU/Linux squeeze and Ubuntu 10.04/10.10, with tex-common befor...
CVE-2012-2317
CVE-2012-2317 concerns a vulnerability in the Debian/Ubuntu patch for PHP 5.3.x where an empty salt string is not handled properly by the crypt() password hashing path. This could let remote attackers bypass authentication if an application relies on PHP’s crypt() salt selection. Affected package...
CVE-2013-6476
CVE-2013-6476 affects cups-filters (pdftoopvp filter) and its OPVPWrapper.cxx path handling. The root cause is that the pdftoopvp filter did not restrict driver directories, allowing a local attacker to place a Trojan horse driver in the same directory as the PDF to gain privileges. The vulnerabi...
CVE-2009-1573
What is affected: xvfb-run 1.6.1 (Debian/Ubuntu/Fedora and possibly other OSes) has the flaw. The root cause described in the CVE context is that the X11 magic cookie (MCOOKIE) is exposed on the command line, which can be discovered by local users. Impact: Local privilege escalation by listing th...