RSS   Vulnerabilities for 'Linux'   RSS

2014-07-29
 
CVE-2014-4909

 

 
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

 
2013-12-13
 
CVE-2013-0348

CWE-264
 

 
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

 
2013-11-17
 
CVE-2013-2032

 

 
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

 
 
CVE-2013-2031

 

 
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

 
2013-10-28
 
CVE-2010-1159

CWE-119
 

 
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

 
2008-03-18
 
CVE-2008-1383

CWE-310
 

 
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

 
2008-02-28
 
CVE-2008-1078

CWE-59
 

 
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

 
2007-03-19
 
CVE-2007-1500

 

 
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

 
2007-01-24
 
CVE-2007-0476

 

 
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

 
2006-06-13
 
CVE-2006-3005

 

 
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

 


Copyright 2019, cxsecurity.com

 

Back to Top