| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-4002 |
|
|
DoS |
2013-07-23 |
2022-05-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. |
|
2 |
CVE-2011-4862 |
120 |
1
|
Exec Code Overflow |
2011-12-25 |
2021-02-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. |
|
3 |
CVE-2011-0762 |
400 |
1
|
DoS |
2011-03-02 |
2021-03-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. |
|
4 |
CVE-2010-4342 |
476 |
|
DoS |
2010-12-30 |
2020-08-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. |
|
5 |
CVE-2010-4258 |
269 |
|
+Priv Bypass |
2010-12-30 |
2020-08-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. |
|
6 |
CVE-2010-4164 |
191 |
|
DoS |
2011-01-03 |
2020-08-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. |
|
7 |
CVE-2010-4160 |
190 |
|
DoS Overflow +Priv Mem. Corr. |
2011-01-07 |
2020-08-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. |
|
8 |
CVE-2010-4158 |
200 |
|
+Info |
2010-12-30 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. |
|
9 |
CVE-2010-4157 |
190 |
|
DoS Overflow Mem. Corr. |
2010-12-10 |
2020-08-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. |
|
10 |
CVE-2010-4083 |
909 |
|
+Info |
2010-11-30 |
2020-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. |
|
11 |
CVE-2010-4081 |
909 |
|
+Info |
2010-11-30 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. |
|
12 |
CVE-2010-4073 |
200 |
|
+Info |
2010-11-29 |
2020-08-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. |
|
13 |
CVE-2010-4072 |
200 |
|
+Info |
2010-11-29 |
2020-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." |
|
14 |
CVE-2010-3876 |
909 |
|
+Info |
2011-01-03 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. |
|
15 |
CVE-2010-3873 |
119 |
|
DoS Overflow Mem. Corr. |
2011-01-03 |
2020-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. |
|
16 |
CVE-2010-3850 |
|
|
Bypass |
2010-12-30 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. |
|
17 |
CVE-2010-3849 |
476 |
|
DoS |
2010-12-30 |
2020-08-14 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. |
|
18 |
CVE-2010-3848 |
787 |
|
Overflow +Priv |
2010-12-30 |
2020-08-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. |
|
19 |
CVE-2010-3702 |
476 |
|
DoS |
2010-11-05 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. |
|
20 |
CVE-2010-3442 |
190 |
|
DoS Overflow Mem. Corr. |
2010-10-04 |
2020-08-10 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. |
|
21 |
CVE-2010-3437 |
476 |
1
|
DoS +Info |
2010-10-04 |
2020-08-13 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. |
|
22 |
CVE-2010-3067 |
190 |
|
DoS Overflow |
2010-09-21 |
2020-08-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. |
|
23 |
CVE-2010-2249 |
401 |
|
DoS |
2010-06-30 |
2020-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. |
|
24 |
CVE-2010-1205 |
120 |
|
Exec Code Overflow |
2010-06-30 |
2020-08-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. |
|
25 |
CVE-2010-0205 |
400 |
|
DoS |
2010-03-03 |
2020-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. |
|
26 |
CVE-2009-3095 |
|
|
Bypass |
2009-09-08 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. |
|
27 |
CVE-2009-2910 |
200 |
|
+Info |
2009-10-20 |
2020-08-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. |
|
28 |
CVE-2009-2903 |
772 |
|
DoS |
2009-09-15 |
2020-08-06 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. |
|
29 |
CVE-2009-2848 |
269 |
|
DoS +Priv Mem. Corr. |
2009-08-18 |
2020-08-28 |
5.9 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Complete |
|
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. |
|
30 |
CVE-2009-2698 |
476 |
|
DoS +Priv |
2009-08-27 |
2019-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. |
|
31 |
CVE-2009-2625 |
|
|
DoS |
2009-08-06 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. |
|
32 |
CVE-2009-1955 |
|
|
DoS |
2009-06-08 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. |
|
33 |
CVE-2008-1375 |
362 |
|
DoS +Priv |
2008-05-02 |
2020-08-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. |
|
34 |
CVE-2007-6427 |
787 |
|
Exec Code |
2008-01-18 |
2020-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. |
