| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. |
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. |
