Vulnerabilities (CVE)

Vendor filter: Slackware

54 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-7170 4 Ntp, Synology, Slackware and 1 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-10-03 3.5
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via...
CVE-2016-4448 11 Apple, Slackware, Oracle and 8 more 31 Libxml2, Tvos, Suse Linux Enterprise Software Development Kit and 28 more 2019-09-25 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2013-4854 10 Slackware, Freebsd, Redhat and 7 more 13 Hp-ux, Dnsco Bind, Enterprise Linux and 10 more 2019-04-22 7.8
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service...
CVE-2018-7185 5 Ntp, Synology, Slackware and 2 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-02-28 5.0
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved...
CVE-2018-7184 5 Ntp, Synology, Slackware and 2 more 10 Ntp, Diskstation Manager, Router Manager and 7 more 2019-02-28 5.0
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to...
CVE-2000-0844 13 Turbolinux, Conectiva, Slackware and 10 more 16 Aix, Solaris, Openlinux Eserver and 13 more 2018-10-30 10.0
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-2005-3626 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2005-3625 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 10.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode...
CVE-2005-3624 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to...
CVE-2006-6235 6 Ubuntu, Slackware, Gpg4win and 3 more 9 Linux Advanced Workstation, Gpg4win, Enterprise Linux Desktop and 6 more 2018-10-17 10.0
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from...
CVE-2007-1352 8 Turbolinux, Ubuntu, X.org and 5 more 12 Mandrake Multi Network Firewall, Linux Advanced Workstation, Enterprise Linux Desktop and 9 more 2018-10-16 3.8
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
CVE-2018-9336 2 Openvpn, Slackware 2 Openvpn, Slackware Linux 2018-06-13 4.6
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through...
CVE-2004-0424 3 Slackware, Linux, Sgi 3 Propack, Linux Kernel, Slackware Linux 2018-05-03 7.2
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
CVE-2003-0962 4 Slackware, Andrew Tridgell, Engardelinux and 1 more 5 Secure Linux, Rsync, Rsync and 2 more 2018-05-03 7.5
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
CVE-2000-0867 5 Slackware, Mandrakesoft, Debian and 2 more 5 Debian Linux, Linux, Mandrake Linux and 2 more 2018-05-03 7.2
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVE-1999-1187 3 Slackware, University Of Washington, Freebsd 3 Freebsd, Pine, Slackware Linux 2017-12-19 4.6
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
CVE-2004-0891 4 Gentoo, Slackware, Rob Flynn and 1 more 4 Gaim, Ubuntu Linux, Slackware Linux and 1 more 2017-10-11 10.0
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an...
CVE-2004-0233 3 Slackware, Utempter, Sgi 3 Propack, Utempter, Slackware Linux 2017-10-11 2.1
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVE-2003-0977 2 Slackware, Cvs 2 Cvs, Slackware Linux 2017-10-11 7.5
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
CVE-2003-0195 1 Slackware 1 Slackware Linux 2017-10-11 5.0
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.