Vulnerabilities > Slackware
|2019-11-21||CVE-2013-7172||Improper Input Validation vulnerability in Slackware Linux. Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.|| 7.2 |
|2019-11-21||CVE-2013-7171||Improper Input Validation vulnerability in Slackware Linux 14.0/14.1. Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.|| 10.0 |
|2019-11-14||CVE-2019-11135||TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.|| 2.1 |
|2018-05-01||CVE-2018-9336||Double Free vulnerability in multiple products. openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service.|| 4.6 |
|2018-03-06||CVE-2018-7184||ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.|| 5.0 |
|2018-03-06||CVE-2018-7170||Unspecified vulnerability in NTP. ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack.|| 3.5 |
|2016-06-09||CVE-2016-4448||Use of Externally-Controlled Format String vulnerability in multiple products. Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.|| 10.0 |
|2013-07-29||CVE-2013-4854||Remote Denial of Service vulnerability in ISC BIND 9 DNS RDATA Handling. The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.|| 7.8 |
|2007-12-01||CVE-2007-6200||Permissions, Privileges, and Access Controls vulnerability in Rsync. Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.|| 10.0 |
|2007-12-01||CVE-2007-6199||Configuration vulnerability in Rsync. rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.|| 9.3 |