| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2007-5594 | 352 | | CSRF | 2007-10-19 | 2021-04-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack. |
| 2 | CVE-2007-6283 | 200 | | DoS +Info | 2007-12-18 | 2022-02-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
| 3 | CVE-2008-0595 | 863 | | Bypass | 2008-02-29 | 2022-02-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. |
| 4 | CVE-2008-2944 | 415 | | DoS | 2008-06-30 | 2022-02-07 | 4.9 | None | Local | Low | Not required | None | None | Complete | Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365. |
| 5 | CVE-2008-3218 | 79 | | XSS | 2008-07-18 | 2021-04-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. |
| 6 | CVE-2008-3219 | 79 | | XSS | 2008-07-18 | 2021-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. |
| 7 | CVE-2008-3220 | 352 | | CSRF | 2008-07-18 | 2021-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." |
| 8 | CVE-2008-3221 | 352 | | CSRF | 2008-07-18 | 2021-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. |
| 9 | CVE-2009-1186 | 120 | | DoS Overflow | 2009-04-17 | 2022-06-03 | 2.1 | None | Local | Low | Not required | None | None | Partial | Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. |
| 10 | CVE-2009-1242 | 20 | | DoS | 2009-04-06 | 2020-08-27 | 4.9 | None | Local | Low | Not required | None | None | Complete | The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. |
| 11 | CVE-2009-1903 | | | DoS XSS | 2009-06-03 | 2021-02-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. |
| 12 | CVE-2009-2472 | 79 | | XSS Bypass | 2009-07-22 | 2021-07-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." |
| 13 | CVE-2009-2910 | 200 | | +Info | 2009-10-20 | 2020-08-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. |
| 14 | CVE-2009-3612 | 200 | | +Info | 2009-10-19 | 2020-08-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
| 15 | CVE-2009-3621 | 400 | | DoS | 2009-10-22 | 2020-08-12 | 4.9 | None | Local | Low | Not required | None | None | Complete | net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. |
| 16 | CVE-2009-3767 | 295 | | | 2009-10-23 | 2020-10-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| 17 | CVE-2009-4135 | 59 | | +Priv | 2009-12-11 | 2017-08-17 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. |
| 18 | CVE-2010-0014 | 287 | | Bypass | 2010-01-14 | 2010-01-15 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. |
| 19 | CVE-2010-0205 | 400 | | DoS | 2010-03-03 | 2020-08-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. |
| 20 | CVE-2010-2008 | 77 | | DoS | 2010-07-13 | 2020-11-09 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. |
| 21 | CVE-2010-2249 | 401 | | DoS | 2010-06-30 | 2020-08-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. |
| 22 | CVE-2010-3282 | 312 | | +Info | 2020-01-09 | 2020-01-29 | 1.9 | None | Local | Medium | Not required | Partial | None | None | 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. |
| 23 | CVE-2010-3439 | 20 | | | 2019-11-12 | 2019-11-14 | 4.0 | None | Remote | Low | ??? | None | None | Partial | It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. |
| 24 | CVE-2010-3442 | 190 | | DoS Overflow Mem. Corr. | 2010-10-04 | 2020-08-10 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. |
| 25 | CVE-2010-3698 | 400 | | DoS | 2010-11-26 | 2020-08-14 | 4.9 | None | Local | Low | Not required | None | None | Complete | The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). |
| 26 | CVE-2010-3874 | 787 | | DoS Overflow Mem. Corr. | 2010-12-29 | 2020-08-14 | 4.0 | None | Local | High | Not required | None | None | Complete | Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. |
| 27 | CVE-2010-4158 | 200 | | +Info | 2010-12-30 | 2020-08-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. |
| 28 | CVE-2010-4162 | 190 | | DoS Overflow | 2011-01-03 | 2020-08-14 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. |
| 29 | CVE-2010-4169 | 416 | | DoS | 2010-11-22 | 2020-08-13 | 4.9 | None | Local | Low | Not required | None | None | Complete | Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. |
| 30 | CVE-2010-4177 | 319 | | | 2019-11-12 | 2019-11-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. |
| 31 | CVE-2010-4178 | 522 | | | 2019-11-06 | 2019-11-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console. |
| 32 | CVE-2010-4249 | 400 | 1 | DoS | 2010-11-29 | 2020-08-14 | 4.9 | None | Local | Low | Not required | None | None | Complete | The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. |
| 33 | CVE-2010-4341 | 399 | | DoS | 2011-01-25 | 2017-08-17 | 2.1 | None | Local | Low | Not required | None | None | Partial | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. |
| 34 | CVE-2010-4661 | 434 | | | 2019-11-13 | 2019-11-18 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. |
| 35 | CVE-2010-5109 | 189 | | DoS Overflow | 2014-05-05 | 2014-05-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. |
| 36 | CVE-2011-0022 | 399 | | DoS | 2011-02-23 | 2011-03-31 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. |
| 37 | CVE-2011-0704 | 20 | | DoS | 2018-05-04 | 2018-06-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. |
| 38 | CVE-2011-0762 | 400 | 1 | DoS | 2011-03-02 | 2021-03-04 | 4.0 | None | Remote | Low | ??? | None | None | Partial | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. |
| 39 | CVE-2011-1758 | 287 | | Bypass | 2011-05-26 | 2011-05-27 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. |
| 40 | CVE-2011-1783 | | | DoS | 2011-06-06 | 2020-10-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. |
| 41 | CVE-2011-1943 | 532 | | +Info | 2011-06-14 | 2021-11-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. |
| 42 | CVE-2011-2192 | 255 | | | 2011-07-07 | 2020-05-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. |
| 43 | CVE-2011-2501 | 125 | | DoS | 2011-07-17 | 2020-08-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. |
| 44 | CVE-2011-2691 | 476 | | DoS | 2011-07-17 | 2020-08-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. |
| 45 | CVE-2011-2924 | 59 | | | 2019-11-19 | 2019-11-25 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | foomatic-rip filter v4.0.12 and prior insecurely created temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. |
| 46 | CVE-2011-4930 | 134 | | DoS Exec Code | 2014-02-10 | 2014-02-10 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. |
| 47 | CVE-2011-5268 | 310 | | DoS | 2013-12-24 | 2014-01-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue. |
| 48 | CVE-2012-0049 | 400 | | DoS | 2019-11-07 | 2019-11-09 | 4.0 | None | Remote | Low | ??? | None | None | Partial | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |
| 49 | CVE-2012-0833 | 264 | | DoS | 2012-07-03 | 2012-07-17 | 2.3 | None | Local Network | Medium | ??? | None | None | Partial | The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. |
| 50 | CVE-2012-1105 | 200 | | +Info | 2019-12-05 | 2019-12-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. |