Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2009-06-08	CVE-2009-1961	Improper Locking vulnerability in multiple products The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. local high complexity linux debian canonical opensuse suse CWE-667	4.7
2009-05-14	CVE-2009-1630	Permissions, Privileges, and Access Controls vulnerability in multiple products The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. local linux opensuse debian canonical vmware CWE-264	4.4
2009-04-09	CVE-2008-2025	Cross-Site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters." network apache novell opensuse CWE-79	4.3
2009-03-11	CVE-2009-0848	OS Command Injection vulnerability in Opensuse 11.0/11.1 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." local opensuse CWE-78	4.4
2008-11-13	CVE-2008-4989	Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). network high complexity gnu fedoraproject canonical debian suse opensuse CWE-295	5.9
2008-09-04	CVE-2007-6716	fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. local low complexity linux canonical debian novell opensuse suse	5.5
2008-06-06	CVE-2008-2389	Link Following vulnerability in Opensuse 10.2 opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. local low complexity opensuse CWE-59	4.9
2008-05-02	CVE-2008-1375	Race Condition vulnerability in multiple products Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. local linux canonical opensuse suse debian fedoraproject CWE-362	6.9
2008-03-31	CVE-2008-1567	Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. local low complexity phpmyadmin debian fedoraproject opensuse CWE-312	5.5