Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-17 | CVE-2011-4621 | Infinite Loop vulnerability in Linux Kernel The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. | 5.5 |
| 2012-05-17 | CVE-2011-4594 | NULL Pointer Dereference vulnerability in Linux Kernel The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. | 5.5 |
| 2012-05-17 | CVE-2011-4112 | The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | 5.5 |
| 2012-05-17 | CVE-2011-4097 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | 5.5 |
| 2012-05-17 | CVE-2011-3637 | NULL Pointer Dereference vulnerability in multiple products The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. | 5.5 |
| 2012-02-02 | CVE-2011-1573 | Incorrect Calculation vulnerability in Linux Kernel net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. | 5.9 |
| 2012-01-28 | CVE-2012-0930 | Cross-site Scripting vulnerability in Schneider-Electric Modicon Quantum PLC Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2011-12-30 | CVE-2011-4461 | Cryptographic Issues vulnerability in multiple products Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.3 |
| 2011-11-17 | CVE-2011-4107 | XXE vulnerability in multiple products The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | 6.5 |
| 2011-09-06 | CVE-2011-1776 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. | 6.1 |