Show filters
106 Total Results
Displaying 51-60 of 106
Sort by:
Attacker Value
Unknown
CVE-2009-1961
Disclosure Date: June 08, 2009 (last updated February 16, 2024)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
0
Attacker Value
Unknown
CVE-2009-1955
Disclosure Date: June 08, 2009 (last updated February 03, 2024)
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
0
Attacker Value
Unknown
CVE-2009-1387
Disclosure Date: June 04, 2009 (last updated February 08, 2024)
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
0
Attacker Value
Unknown
CVE-2009-1386
Disclosure Date: June 04, 2009 (last updated February 08, 2024)
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
0
Attacker Value
Unknown
CVE-2009-1633
Disclosure Date: May 28, 2009 (last updated October 04, 2023)
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
0
Attacker Value
Unknown
CVE-2009-1378
Disclosure Date: May 19, 2009 (last updated February 08, 2024)
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
0
Attacker Value
Unknown
CVE-2009-1630
Disclosure Date: May 14, 2009 (last updated October 04, 2023)
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
0
Attacker Value
Unknown
CVE-2008-6792
Disclosure Date: May 07, 2009 (last updated October 04, 2023)
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
0
Attacker Value
Unknown
CVE-2009-1191
Disclosure Date: April 23, 2009 (last updated October 04, 2023)
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
0
Attacker Value
Unknown
CVE-2009-1185
Disclosure Date: April 17, 2009 (last updated October 04, 2023)
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
0