Total
1964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4347 | 4 Linux, Opensuse, Redhat and 1 more | 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more | 2024-08-07 | N/A |
| The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. | ||||
| CVE-2010-4258 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2024-08-07 | N/A |
| The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. | ||||
| CVE-2010-3301 | 4 Canonical, Linux, Redhat and 1 more | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-07 | N/A |
| The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. | ||||
| CVE-2011-4954 | 1 Cobblerd | 1 Cobbler | 2024-08-07 | 7.8 High |
| cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | ||||
| CVE-2011-3898 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet. | ||||
| CVE-2011-3349 | 1 Lightdm Project | 1 Lightdm | 2024-08-06 | 7.8 High |
| lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | ||||
| CVE-2011-3054 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-08-06 | N/A |
| The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2011-2910 | 2 Debian, Linux-ax25 | 2 Debian Linux, Ax25-tools | 2024-08-06 | 6.7 Medium |
| The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | ||||
| CVE-2011-1526 | 6 Debian, Fedoraproject, Mit and 3 more | 8 Debian Linux, Fedora, Krb5-appl and 5 more | 2024-08-06 | N/A |
| ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. | ||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-08-06 | 8.8 High |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | ||||
| CVE-2012-6302 | 1 Soapbox Project | 1 Soapbox | 2024-08-06 | 7.8 High |
| Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | ||||
| CVE-2012-5663 | 1 Openbsd | 1 Textproc\/isearch | 2024-08-06 | 7.5 High |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | ||||
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-08-06 | 7.8 High |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | ||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2024-08-06 | 9.6 Critical |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | ||||
| CVE-2012-4761 | 1 Safend | 1 Data Protector Agent | 2024-08-06 | 7.8 High |
| A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | ||||
| CVE-2012-4767 | 1 Safend | 1 Data Protector Agent | 2024-08-06 | 6.1 Medium |
| An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine. | ||||
| CVE-2012-4760 | 1 Safend | 1 Data Protector Agent | 2024-08-06 | 7.8 High |
| A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | ||||
| CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2024-08-06 | 7.8 High |
| Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | ||||
| CVE-2012-4480 | 2 Fedoraproject, Ovirt | 2 Fedora, Mom | 2024-08-06 | 7.8 High |
| mom creates world-writable pid files in /var/run | ||||
| CVE-2012-3993 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Seamonkey and 3 more | 2024-08-06 | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||||