VIR Vulnerability Intelligence Relay

Search

Found 1,664 results in 236ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2010-2942 medium 5.5 5.5 linux-kernelubuntu ubuntususe suse avaya 16y ago The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which al…
CVE-2010-3069 high 7.5 FIX ubuntu ubuntudebian debian samba 16y ago Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
CVE-2010-1815 medium 6.8 FIX ubuntu ubuntumacos macos webkitgtk 16y ago Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2010-1814 medium 6.8 FIX ubuntu ubuntumacos macos webkitgtk 16y ago WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat…
CVE-2010-1812 medium 6.8 FIX ubuntu ubuntumacos macos webkitgtk 16y ago Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2010-1781 medium 6.8 FIX ubuntu ubuntumacos macos 16y ago Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors…
CVE-2010-2960 high 7.8 7.8 FIX linux-kernelubuntu ubuntususe suse 16y ago The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a deni…
CVE-2010-2955 low 2.1 FIX linux-kernelubuntu ubuntususe suse 16y ago The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users …
CVE-2010-2798 high 7.8 7.8 FIX linux-kerneldebian debianubuntu ubuntu avaya 16y ago The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local user…
CVE-2010-2524 high 7.8 7.8 FIX linux-kernelubuntu ubuntususe suse 16y ago The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the ci…
CVE-2010-2495 critical 10.0 FIX linux-kernelubuntu ubuntususe suse 16y ago The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows …
CVE-2010-2066 medium 5.5 5.5 FIX linux-kernelubuntu ubuntususe suse 16y ago The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as …
CVE-2009-4895 medium 4.7 4.7 FIX linux-kerneldebian debianubuntu ubuntu 16y ago Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or p…
CVE-2010-3259 medium 4.3 FIX ubuntu ubuntumacos macos googlewebkitgtkapple 16y ago WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS …
CVE-2010-3257 critical 9.3 FIX ubuntu ubuntumacos macos googlewebkitgtkapple 16y ago Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute ar…
CVE-2010-3248 medium 5.0 ubuntu ubuntu google 16y ago Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
CVE-2010-2954 medium 4.9 FIX linux-kernelubuntu ubuntususe suse 16y ago The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a d…
CVE-2010-2226 low 2.1 FIX linux-kerneldebian debianubuntu ubuntu 16y ago The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write a…
CVE-2010-3116 critical 10.0 FIX ubuntu ubuntumacos macos googleapplewebkitgtk 16y ago Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to…
CVE-2010-3115 medium 5.0 ubuntu ubuntu googlewebkitgtk 16y ago Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
CVE-2010-3114 critical 10.0 ubuntu ubuntu googlewebkitgtk 16y ago The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors r…
CVE-2010-3113 critical 10.0 ubuntu ubuntu googlewebkitgtk 16y ago Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have u…
CVE-2010-2808 medium 6.8 FIX debian debianmacos macosubuntu ubuntu freetype 16y ago Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or poss…
CVE-2010-2807 medium 6.8 FIX debian debianmacos macosubuntu ubuntu freetype 16y ago FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…
CVE-2010-2806 medium 6.8 FIX debian debianmacos macosubuntu ubuntu freetype 16y ago Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary …
CVE-2010-2805 medium 6.8 FIX debian debianmacos macosubuntu ubuntu freetype 16y ago The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (applicati…
CVE-2010-2541 medium 6.8 FIX debian debianubuntu ubuntu freetype 16y ago Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra…
CVE-2010-2527 medium 6.8 FIX debian debianubuntu ubuntu freetype 16y ago Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2520 medium 5.1 FIX debian debianubuntu ubuntumacos macos freetype 16y ago Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (ap…
CVE-2010-2519 medium 6.8 FIX debian debianubuntu ubuntumacos macos freetype 16y ago Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execut…
CVE-2010-2500 medium 6.8 FIX debian debianubuntu ubuntumacos macos freetype 16y ago Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary c…
CVE-2010-2499 medium 6.8 FIX debian debianubuntu ubuntumacos macos freetype 16y ago Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…
CVE-2010-2498 medium 6.8 FIX debian debianubuntu ubuntumacos macos freetype 16y ago The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap me…
CVE-2010-0834 critical 9.3 FIX debian debianubuntu ubuntu 16y ago The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for packag…
CVE-2010-2008 low 4.5 EXP ubuntu ubuntufedora fedora oracle 16y ago MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# strin…
CVE-2010-0832 medium 7.9 EXPFIX ubuntu ubuntudebian debian 16y ago pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the own…
CVE-2010-2648 critical 9.3 suse suseubuntu ubuntu google 16y ago The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or po…
CVE-2010-2647 critical 9.3 ubuntu ubuntu google 16y ago Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
CVE-2010-2249 medium 6.5 6.5 FIX macos macossuse susedebian debian libpngapplevmware 16y ago Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing m…
CVE-2010-1205 critical 9.8 10.0 EXPFIX macos macossuse susedebian debian libpnggoogleapple 16y ago Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers…
CVE-2010-2067 medium 6.8 FIX ubuntu ubuntudebian debian libtiff 16y ago Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly exec…
CVE-2010-2063 high 8.5 EXPFIX ubuntu ubuntudebian debian samba 16y ago Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory c…
CVE-2010-1770 critical 9.3 macos macoswindows windowsubuntu ubuntu applegoogle 16y ago WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of…
CVE-2010-0395 critical 9.3 fedora fedoraubuntu ubuntudebian debian apache 16y ago OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file…
CVE-2010-1634 medium 5.0 FIX suse suseubuntu ubuntufedora fedora python 16y ago Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment,…
CVE-2010-1321 medium 6.8 FIX debian debiansuse suseubuntu ubuntu mitoracle 16y ago The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not pr…
CVE-2010-1624 medium 5.0 FIX ubuntu ubuntudebian debian pidgin 16y ago The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and appl…
CVE-2010-0629 medium 6.5 6.5 FIX debian debianfedora fedorasuse suse mit 16y ago Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) vi…
CVE-2010-1187 medium 4.9 linux-kernelubuntu ubuntudebian debian 16y ago The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) …
CVE-2010-0050 high 8.8 9.8 EXPFIX ubuntu ubuntufedora fedoramacos macos apple 17y ago Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improp…
CVE-2010-0302 high 7.5 7.5 FIX debian debianubuntu ubuntufedora fedora apple 17y ago Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epol…
CVE-2010-0205 medium 4.3 FIX ubuntu ubuntudebian debianfedora fedora libpng 17y ago The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a dispropo…
CVE-2010-0410 medium 4.9 FIX ubuntu ubuntudebian debian linux-kernel 17y ago drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR me…
CVE-2010-0159 critical 10.0 ubuntu ubuntudebian debian mozilla 17y ago The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory cor…
CVE-2010-0650 low 2.6 ubuntu ubuntu googleapple 17y ago WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
CVE-2010-0307 medium 5.7 EXPFIX ubuntu ubuntudebian debian linux-kernel 17y ago The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY m…
CVE-2010-0136 critical 9.3 ubuntu ubuntudebian debian apache 17y ago OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted…
CVE-2009-3302 critical 9.3 ubuntu ubuntudebian debian apache 17y ago filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table p…
CVE-2009-3301 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafte…
CVE-2009-2950 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service…
CVE-2009-2949 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that…
CVE-2010-0623 medium 4.9 FIX ubuntu ubuntu linux-kernelsuse suse 17y ago The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via…
CVE-2009-4013 critical 9.8 9.8 FIX debian debianubuntu ubuntu debian 17y ago Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive i…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…