9 matches found
CVE-2018-19139
CVE-2018-19139 affects JasPer 2.0.14 with a memory leak in jas_malloc.c (called from jpc_unk_getparms in jpc_cs.c). Public details in the initial document confirm the memory leak, while connected entries corroborate that multiple vendors/distributions have published fixes or mitigations. Practica...
CVE-2009-3080
CVE-2009-3080 affects the Linux kernel gdth driver (gdth_read_event in drivers/scsi/gdth.c). In kernels before 2.6.32-rc8, a negative event index in an IOCTL can allow local users to cause a denial of service or potentially gain privileges. MiracleLinux advisories cite this CVE as part of affecte...
CVE-2007-5962
CVE-2007-5962 describes a memory-leak vulnerability in vsftpd triggered by a large number of CWD commands when the deny_file option is set. The issue affects vsftpd 2.0.5 on Red Hat Enterprise Linux 5 and Fedora 6–8, as well as Foresight Linux and rPath appliances. Remote attackers could cause de...
CVE-2007-6284
CVE-2007-6284 describes a denial-of-service vulnerability in libxml2 where the function xmlCurrentChar() mishandles certain UTF-8 sequences, allowing context-dependent attackers to cause an infinite loop or high CPU consumption when parsing XML. The issue is triggered by malformed XML content and...
CVE-2011-1011
CVE-2011-1011 affects the seunshare_mount path in the policycoreutils seunshare sandbox. The vulnerability arises when seunshare mounts a new /tmp directory without root ownership and the sticky bit, allowing a local user to overwrite or delete arbitrary /tmp files and potentially escalate privil...
CVE-2008-3524
CVE-2008-3524 : The initscripts package (rc.sysinit) vulnerability allows local users to delete arbitrary files via a symlink attack on files under /var/lock or /var/run. Affected: initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms. Root cause implied: race/symlink handling in rc.s...
CVE-2009-1573
What is affected. xvfb-run 1.6.1 (Debian/Ubuntu/Fedora and possibly other OSes) has the flaw. The root cause described in the CVE context is that the X11 magic cookie (MCOOKIE) is exposed on the command line, which can be discovered by local users. Impact. Local privilege escalation by listing th...
CVE-2007-4134
CVE-2007-4134 affects the Star archiver. A directory traversal defect in extract.c (Star) before version 1.5a84 lets remote users craft tar archives containing //.. sequences in directory symlinks, enabling overwriting of arbitrary files on the host with the permissions of the user running Star. ...
CVE-2008-3832
CVE-2008-3832 affects Fedora 8/9 Linux kernels patched for the utrace subsystem: a NULL pointer dereference in the utrace_control path can be triggered locally, causing a denial of service (kernel crash/hang). The vulnerable configurations are Fedora 8 before 2.6.26.5-28 and Fedora 9 before 2.6.2...