Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-2483 | 5.0 |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo
|
23-04-2024 - 19:57 | 25-08-2011 - 14:22 | |
CVE-2012-2143 | 4.3 |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for cont
|
14-03-2024 - 19:59 | 05-07-2012 - 14:55 | |
CVE-2012-3489 | 4.0 |
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or U
|
15-02-2024 - 03:22 | 03-10-2012 - 21:55 | |
CVE-2009-2416 | 4.3 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
|
02-02-2024 - 16:04 | 11-08-2009 - 18:30 | |
CVE-2008-3281 | 4.3 |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
|
02-02-2024 - 15:02 | 27-08-2008 - 20:41 | |
CVE-2013-0219 | 3.7 |
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
|
13-02-2023 - 04:38 | 24-02-2013 - 19:55 | |
CVE-2011-3378 | 9.3 |
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a pa
|
13-02-2023 - 04:32 | 24-12-2011 - 19:55 | |
CVE-2011-2511 | 4.0 |
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
|
13-02-2023 - 04:31 | 10-08-2011 - 20:55 | |
CVE-2010-2059 | 7.2 |
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileg
|
13-02-2023 - 04:19 | 08-06-2010 - 18:30 | |
CVE-2008-3529 | 10.0 |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
|
13-02-2023 - 02:19 | 12-09-2008 - 16:56 | |
CVE-2009-0036 | 4.4 |
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the pack
|
13-02-2023 - 02:19 | 11-02-2009 - 20:30 | |
CVE-2007-6284 | 5.0 |
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
|
13-02-2023 - 02:18 | 12-01-2008 - 02:46 | |
CVE-2011-1486 | 3.3 |
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
|
13-02-2023 - 01:19 | 31-05-2011 - 20:55 | |
CVE-2011-1146 | 6.9 |
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettac
|
13-02-2023 - 01:19 | 15-03-2011 - 17:55 | |
CVE-2014-0066 | 4.0 |
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to
|
13-02-2023 - 00:31 | 31-03-2014 - 14:58 | |
CVE-2013-6435 | 7.6 |
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the
|
13-02-2023 - 00:29 | 16-12-2014 - 18:59 | |
CVE-2012-0841 | 5.0 |
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
|
13-02-2023 - 00:23 | 21-12-2012 - 05:46 | |
CVE-2007-6601 | 7.2 |
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. N
|
18-01-2023 - 21:19 | 09-01-2008 - 21:46 | |
CVE-2010-2089 | 5.0 |
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arg
|
16-08-2022 - 13:32 | 27-05-2010 - 19:30 | |
CVE-2011-4339 | 3.6 |
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users
|
03-02-2022 - 19:59 | 15-12-2011 - 03:57 | |
CVE-2011-3919 | 7.5 |
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
07-05-2020 - 19:05 | 07-01-2012 - 11:55 | |
CVE-2008-5031 | 10.0 |
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs fun
|
25-10-2019 - 11:53 | 10-11-2008 - 16:15 | |
CVE-2011-1521 | 6.4 |
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (r
|
25-10-2019 - 11:53 | 24-05-2011 - 23:55 | |
CVE-2012-1150 | 5.0 |
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU
|
25-10-2019 - 11:53 | 05-10-2012 - 21:55 | |
CVE-2013-0338 | 4.3 |
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit
|
30-10-2018 - 16:27 | 25-04-2013 - 23:55 | |
CVE-2007-2138 | 6.0 |
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the p
|
19-10-2018 - 18:54 | 24-04-2007 - 20:19 | |
CVE-2007-0556 | 6.6 |
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash)
|
16-10-2018 - 16:33 | 06-02-2007 - 01:28 | |
CVE-2008-2935 | 7.5 |
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attack
|
11-10-2018 - 20:45 | 01-08-2008 - 14:41 | |
CVE-2009-3230 | 6.5 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZAT
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2012-0815 | 6.8 |
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly ha
|
18-01-2018 - 02:29 | 04-06-2012 - 20:55 | |
CVE-2013-1900 | 8.5 |
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat
|
20-10-2017 - 01:29 | 04-04-2013 - 17:55 | |
CVE-2008-4226 | 10.0 |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
|
29-09-2017 - 01:32 | 25-11-2008 - 23:30 | |
CVE-2008-1767 | 7.5 |
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that trigg
|
29-09-2017 - 01:30 | 23-05-2008 - 15:32 | |
CVE-2012-2893 | 6.8 |
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2010-3433 | 6.0 |
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL use
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
CVE-2010-1975 | 5.5 |
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove a
|
19-09-2017 - 01:30 | 19-05-2010 - 18:30 | |
CVE-2012-5134 | 6.8 |
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar
|
29-08-2017 - 01:32 | 28-11-2012 - 01:55 | |
CVE-2012-3547 | 6.8 |
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not af
|
29-08-2017 - 01:31 | 18-09-2012 - 17:55 | |
CVE-2010-4015 | 6.5 |
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a deni
|
17-08-2017 - 01:33 | 02-02-2011 - 01:00 | |
CVE-2014-3660 | 5.0 |
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
|
08-12-2016 - 03:05 | 04-11-2014 - 16:55 | |
CVE-2012-3488 | 4.9 |
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensiti
|
08-12-2016 - 03:02 | 03-10-2012 - 21:55 | |
CVE-2012-0868 | 6.8 |
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object na
|
08-12-2016 - 03:02 | 18-07-2012 - 23:55 | |
CVE-2012-2807 | 6.8 |
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
28-01-2014 - 04:45 | 27-06-2012 - 10:18 | |
CVE-2012-2655 | 4.0 |
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural lan
|
19-04-2013 - 03:22 | 18-07-2012 - 23:55 | |
CVE-2011-4966 | 6.0 |
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired passwo
|
19-03-2013 - 12:35 | 12-03-2013 - 23:55 | |
CVE-2012-2693 | 3.7 |
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to acces
|
15-01-2013 - 04:30 | 17-06-2012 - 03:41 | |
CVE-2010-2242 | 2.1 |
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copyi
|
30-10-2010 - 05:41 | 19-08-2010 - 18:00 |