Max CVSS 10.0 Min CVSS 1.2 Total Count60
IDCVSSSummaryLast (major) updatePublished
CVE-2017-18240 4.9
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a
18-03-2018 - 22:29 18-03-2018 - 22:29
CVE-2018-1068 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
16-03-2018 - 12:29 16-03-2018 - 12:29
CVE-2018-8087 4.9
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
13-03-2018 - 02:29 13-03-2018 - 02:29
CVE-2017-15130 4.3
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2017-14461 5.5
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs t
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2017-18208 4.9
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
01-03-2018 - 00:29 01-03-2018 - 00:29
CVE-2018-0489 6.4
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonat
27-02-2018 - 10:29 27-02-2018 - 10:29
CVE-2017-18187 7.5
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
14-02-2018 - 12:29 14-02-2018 - 12:29
CVE-2018-0488 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within
13-02-2018 - 10:29 13-02-2018 - 10:29
CVE-2018-0487 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification w
13-02-2018 - 10:29 13-02-2018 - 10:29
CVE-2017-18174 7.5
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
11-02-2018 - 13:29 11-02-2018 - 13:29
CVE-2018-1000026 6.8
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2017-16913 7.1
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a spec
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-16912 7.1
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
31-01-2018 - 17:29 31-01-2018 - 17:29
CVE-2017-15132 5.0
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are re
25-01-2018 - 15:29 25-01-2018 - 15:29
CVE-2018-0486 6.4
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct im
13-01-2018 - 13:29 13-01-2018 - 13:29
CVE-2017-5754 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-5715 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-17975 4.9
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of aud
29-12-2017 - 20:29 29-12-2017 - 20:29
CVE-2017-13166 4.6
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
06-12-2017 - 09:29 06-12-2017 - 09:29
CVE-2017-16820 10.0
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
14-11-2017 - 16:29 14-11-2017 - 16:29
CVE-2017-16644 7.2
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted US
07-11-2017 - 18:29 07-11-2017 - 18:29
CVE-2017-15951 7.2
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly hav
27-10-2017 - 22:29 27-10-2017 - 22:29
CVE-2017-9313 4.3
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to sa
03-07-2017 - 22:29 03-07-2017 - 22:29
CVE-2017-2106 4.3
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-05-2017 - 20:40 28-04-2017 - 12:59
CVE-2014-5139 4.3
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3512 7.5
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2)
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3511 4.3
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3510 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3509 6.8
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwr
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3508 4.3
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attacker
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3507 5.0
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger im
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3506 5.0
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory alloc
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3505 5.0
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that tri
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2004-0583 5.0
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
17-10-2016 - 22:46 06-08-2004 - 00:00
CVE-2004-0582 5.0
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
17-10-2016 - 22:46 06-08-2004 - 00:00
CVE-2003-0101 10.0
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof
17-10-2016 - 22:29 03-03-2003 - 00:00
CVE-2001-1196 10.0
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
17-10-2016 - 22:14 17-12-2001 - 00:00
CVE-2015-2011 9.0
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
05-10-2015 - 16:45 03-10-2015 - 22:59
CVE-2014-0339 4.3
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
24-07-2015 - 14:35 16-03-2014 - 10:06
CVE-2015-1377 4.9
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
11-02-2015 - 14:45 10-02-2015 - 15:59
CVE-2011-1937 4.3
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
21-09-2011 - 23:31 31-05-2011 - 16:55
CVE-2008-0720 4.3
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other c
07-03-2011 - 22:05 11-02-2008 - 21:00
CVE-2006-3274 5.0
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
07-03-2011 - 21:38 28-06-2006 - 18:05
CVE-2005-3912 7.5
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary
07-03-2011 - 21:27 30-11-2005 - 06:03
CVE-2005-3042 7.5
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
07-03-2011 - 21:25 22-09-2005 - 06:03
CVE-2001-0222 1.2
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
07-03-2011 - 21:05 26-03-2001 - 00:00
CVE-2009-4568 4.3
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
24-02-2010 - 02:19 05-01-2010 - 14:00
CVE-1999-1074 7.5
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
09-09-2008 - 08:36 31-12-1999 - 00:00
CVE-2005-1177 10.0
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
05-09-2008 - 16:48 02-05-2005 - 00:00
CVE-2004-1468 7.5
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
05-09-2008 - 16:41 31-12-2004 - 00:00
CVE-2002-2360 9.3
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
05-09-2008 - 16:33 31-12-2002 - 00:00
CVE-2002-2201 10.0
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-1947 6.4
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1673 3.6
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields,
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1672 2.1
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using t
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-0757 7.5
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Use
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0756 7.5
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2001-1530 4.6
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
05-09-2008 - 16:26 31-12-2001 - 00:00
CVE-2001-1074 7.2
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
05-09-2008 - 16:25 28-05-2001 - 00:00
Back to Top Mark selected
Back to Top