Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-06 | CVE-2011-1776 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. | 6.1 |
| 2011-09-06 | CVE-2011-1771 | NULL Pointer Dereference vulnerability in Linux Kernel The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. | 7.8 |
| 2011-07-21 | CVE-2011-2520 | Deserialization of Untrusted Data vulnerability in multiple products fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | 7.8 |
| 2011-07-18 | CVE-2010-4656 | Out-of-bounds Write vulnerability in multiple products The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. | 7.8 |
| 2011-07-18 | CVE-2010-4655 | Improper Initialization vulnerability in multiple products net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | 5.5 |
| 2011-07-17 | CVE-2011-2692 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. | 8.8 |
| 2011-07-17 | CVE-2011-2691 | NULL Pointer Dereference vulnerability in multiple products The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. | 6.5 |
| 2011-07-17 | CVE-2011-2690 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. | 8.8 |
| 2011-07-17 | CVE-2011-2501 | Out-of-bounds Read vulnerability in multiple products The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. | 6.5 |
| 2011-07-13 | CVE-2011-1265 | Code Injection vulnerability in multiple products The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability." | 8.8 |