Max CVSS 8.5 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-2143 4.3
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for cont
14-03-2024 - 19:59 05-07-2012 - 14:55
CVE-2009-0115 7.2
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket
16-02-2024 - 20:28 30-03-2009 - 16:30
CVE-2010-0211 5.0
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code
21-01-2024 - 01:35 28-07-2010 - 12:48
CVE-2011-2200 4.6
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (
27-12-2023 - 16:36 22-06-2011 - 22:55
CVE-2011-2483 5.0
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo
25-10-2023 - 20:23 25-08-2011 - 14:22
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
12-09-2023 - 14:55 15-10-2014 - 00:55
CVE-2015-2808 5.0
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial
07-09-2023 - 17:15 01-04-2015 - 02:00
CVE-2013-6629 5.0
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of s
21-06-2023 - 18:19 19-11-2013 - 04:50
CVE-2012-3417 4.0
The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
13-02-2023 - 04:34 13-08-2012 - 20:55
CVE-2010-4530 4.4
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card
13-02-2023 - 03:20 18-01-2011 - 18:03
CVE-2010-0001 6.8
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra
13-02-2023 - 02:20 29-01-2010 - 18:30
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
13-02-2023 - 02:19 17-04-2009 - 14:30
CVE-2009-1189 3.6
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an
13-02-2023 - 02:19 27-04-2009 - 18:00
CVE-2014-8159 6.9
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary p
13-02-2023 - 00:43 16-03-2015 - 10:59
CVE-2014-0064 6.5
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact an
13-02-2023 - 00:31 31-03-2014 - 14:58
CVE-2014-0066 4.0
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to
13-02-2023 - 00:31 31-03-2014 - 14:58
CVE-2014-0063 6.5
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrar
13-02-2023 - 00:31 31-03-2014 - 14:58
CVE-2013-6435 7.6
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the
13-02-2023 - 00:29 16-12-2014 - 18:59
CVE-1999-0524 2.1
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
14-11-2022 - 19:33 01-08-1997 - 04:00
CVE-2011-0411 6.8
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sess
10-08-2021 - 12:15 16-03-2011 - 22:55
CVE-2007-4476 7.5
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
17-05-2021 - 19:55 05-09-2007 - 01:17
CVE-2013-2566 4.3
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that u
23-11-2020 - 19:48 15-03-2013 - 21:55
CVE-2014-4345 8.5
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authe
21-01-2020 - 15:46 14-08-2014 - 05:01
CVE-2007-4772 4.0
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg
09-10-2019 - 22:53 09-01-2008 - 21:46
CVE-2014-8867 4.9
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) v
30-10-2018 - 16:27 01-12-2014 - 15:59
CVE-2013-4242 1.9
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
30-10-2018 - 16:27 19-08-2013 - 23:55
CVE-2007-6067 6.8
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of se
15-10-2018 - 21:49 09-01-2008 - 21:46
CVE-2008-5161 2.6
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server f
11-10-2018 - 20:54 19-11-2008 - 17:30
CVE-2008-5303 6.9
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
11-10-2018 - 20:54 01-12-2008 - 17:30
CVE-2008-5302 6.9
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
11-10-2018 - 20:54 01-12-2008 - 17:30
CVE-2008-2937 1.9
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account nam
11-10-2018 - 20:45 18-08-2008 - 19:41
CVE-2010-0624 6.8
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
10-10-2018 - 19:53 15-03-2010 - 13:28
CVE-2010-0212 5.0
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5St
10-10-2018 - 19:51 28-07-2010 - 12:48
CVE-2011-1720 6.8
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows
09-10-2018 - 19:31 13-05-2011 - 17:05
CVE-2014-0060 4.0
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary user
16-12-2017 - 02:29 31-03-2014 - 14:58
CVE-2014-0065 6.5
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than
16-12-2017 - 02:29 31-03-2014 - 14:58
CVE-2014-0062 4.9
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthori
16-12-2017 - 02:29 31-03-2014 - 14:58
CVE-2014-0061 6.5
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1
16-12-2017 - 02:29 31-03-2014 - 14:58
CVE-2009-1632 5.0
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x
29-09-2017 - 01:34 14-05-2009 - 17:30
CVE-2009-1574 5.0
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
29-09-2017 - 01:34 06-05-2009 - 17:30
CVE-2008-3834 2.1
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
29-09-2017 - 01:31 07-10-2008 - 21:01
CVE-2013-1667 7.5
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
19-09-2017 - 01:36 14-03-2013 - 03:13
CVE-2011-3597 7.5
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
19-09-2017 - 01:34 13-01-2012 - 18:55
CVE-2010-3433 6.0
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL use
19-09-2017 - 01:31 06-10-2010 - 17:00
CVE-2010-1447 8.5
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows
19-09-2017 - 01:30 19-05-2010 - 18:30
CVE-2010-1168 7.5
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
19-09-2017 - 01:30 21-06-2010 - 16:30
CVE-2010-0826 1.9
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid
19-09-2017 - 01:30 05-04-2010 - 15:30
CVE-2009-2905 4.6
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
19-09-2017 - 01:29 29-09-2009 - 19:30
CVE-2009-3736 6.9
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
19-09-2017 - 01:29 29-11-2009 - 13:07
CVE-2009-3490 6.8
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a leg
19-09-2017 - 01:29 30-09-2009 - 15:30
CVE-2013-0292 7.2
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
29-08-2017 - 01:33 05-03-2013 - 21:38
CVE-2012-6151 4.3
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout
29-08-2017 - 01:32 13-12-2013 - 18:55
CVE-2012-5526 5.0
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
29-08-2017 - 01:32 21-11-2012 - 23:55
CVE-2010-4015 6.5
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a deni
17-08-2017 - 01:33 02-02-2011 - 01:00
CVE-2011-1081 5.0
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
17-08-2017 - 01:33 20-03-2011 - 02:00
CVE-2011-0002 6.4
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
17-08-2017 - 01:33 22-01-2011 - 22:00
CVE-2010-1172 3.6
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceK
17-08-2017 - 01:32 20-08-2010 - 18:00
CVE-2011-1024 4.6
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program aut
07-01-2017 - 02:59 20-03-2011 - 02:00
CVE-2011-1025 6.8
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
07-01-2017 - 02:59 20-03-2011 - 02:00
CVE-2014-3660 5.0
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
08-12-2016 - 03:05 04-11-2014 - 16:55
CVE-2014-2285 4.3
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP
08-12-2016 - 03:05 27-04-2014 - 22:55
CVE-2013-4449 4.3
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to f
08-12-2016 - 03:03 05-02-2014 - 18:55
CVE-2012-6329 7.5
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers t
08-12-2016 - 03:02 04-01-2013 - 21:55
CVE-2012-5195 7.5
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possib
08-12-2016 - 03:02 18-12-2012 - 00:55
CVE-2012-3488 4.9
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensiti
08-12-2016 - 03:02 03-10-2012 - 21:55
CVE-2012-2697 4.9
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based
08-12-2016 - 03:02 24-02-2013 - 21:55
CVE-2012-0868 6.8
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object na
08-12-2016 - 03:02 18-07-2012 - 23:55
CVE-2012-0866 6.5
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to
08-12-2016 - 03:02 18-07-2012 - 23:55
CVE-2010-4352 2.1
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
08-12-2016 - 03:01 30-12-2010 - 19:00
CVE-2010-4410 4.3
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related
08-12-2016 - 03:01 06-12-2010 - 20:13
CVE-2009-4901 2.1
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is i
08-12-2016 - 03:01 18-06-2010 - 16:30
CVE-2010-2761 4.3
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP h
08-12-2016 - 03:01 06-12-2010 - 20:12
CVE-2010-0407 6.8
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshal
08-12-2016 - 03:01 18-06-2010 - 16:30
Back to Top Mark selected
Back to Top