Vulnerabilities > Slackware

DATE CVE VULNERABILITY TITLE RISK
2019-11-21 CVE-2013-7172 Improper Input Validation vulnerability in Slackware Linux
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
local
low complexity
slackware CWE-20
7.2
2019-11-21 CVE-2013-7171 Improper Input Validation vulnerability in Slackware Linux 14.0/14.1
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.
network
low complexity
slackware CWE-20
critical
10.0
2019-11-14 CVE-2019-11135 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 6.5
2018-05-01 CVE-2018-9336 Double Free vulnerability in multiple products
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service.
local
low complexity
openvpn slackware CWE-415
4.6
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.
network
low complexity
ntp synology slackware canonical netapp
5.0
2018-03-06 CVE-2018-7170 Unspecified vulnerability in NTP
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack.
3.5
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8
2013-07-29 CVE-2013-4854 Remote Denial of Service vulnerability in ISC BIND 9 DNS RDATA Handling
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
7.8
2007-12-01 CVE-2007-6200 Permissions, Privileges, and Access Controls vulnerability in Rsync
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
network
low complexity
slackware rsync CWE-264
critical
10.0
2007-12-01 CVE-2007-6199 Configuration vulnerability in Rsync
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
network
slackware rsync CWE-16
critical
9.3