The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.11.4 |
| linux | linux_kernel | 2.6.11.5 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.12.1 |
| linux | linux_kernel | 2.6.11.12 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6.13.2 |
| canonical | ubuntu_linux | 4.10 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.6.7 |
| mandriva | linux | 10.2 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.11.10 |
| linux | linux_kernel | 2.6.11.1 |
| mandriva | linux | 2006.0 |
| debian | debian_linux | 3.1 |
| linux | linux_kernel | 2.6.11.7 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12.4 |
| linux | linux_kernel | * |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.11.2 |
| linux | linux_kernel | 2.6.12.6 |
| linux | linux_kernel | 2.6.13 |
| linux | linux_kernel | 2.6.12.3 |
| linux | linux_kernel | 2.6.11.6 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.11.11 |
| linux | linux_kernel | 2.6.12.5 |
| linux | linux_kernel | 2.6.13.1 |
| linux | linux_kernel | 2.6.11.8 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.11.3 |
| linux | linux_kernel | 2.6.12.2 |
| linux | linux_kernel | 2.6.8.1 |
| canonical | ubuntu_linux | 5.04 |
| mandriva | linux | 10.1 |
| linux | linux_kernel | 2.6.11.9 |
| linux | linux_kernel | 2.6.11 |
| linux | linux_kernel | 2.6.6 |
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ffmpeg | ffmpeg | 0.4.4 |
| mandriva | linux | 2010.0 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | 0.5.2 |
| mandriva | linux | 2010.1 |
| mplayerhq | mplayer | 1.0 |
| mandriva | corporate_server | 4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.4.3 |
| mandriva | linux | 2009.0 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.4.0 |
| mandriva | enterprise_server | 5 |
| ffmpeg | ffmpeg | 0.4.6 |
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| isc | dnsco_bind | 9.9.4 |
| slackware | slackware_linux | 13.0 |
| isc | bind | 9.7.5 |
| isc | bind | 9.8.3 |
| hp | hp-ux | b.11.31 |
| isc | bind | 9.8.4 |
| freebsd | freebsd | 9.2 |
| mandriva | enterprise_server | 5.0 |
| isc | bind | 9.9.3 |
| slackware | slackware_linux | 13.1 |
| freebsd | freebsd | 9.1 |
| isc | bind | 9.7.1 |
| isc | dnsco_bind | 9.9.3 |
| slackware | slackware_linux | 12.2 |
| isc | bind | 9.7.6 |
| suse | suse_linux_enterprise_software_development_kit | 11.0 |
| isc | bind | 9.8.0 |
| freebsd | freebsd | 8.0 |
| isc | bind | 9.7.3 |
| fedoraproject | fedora | 19 |
| isc | bind | 9.9.1 |
| isc | bind | 9.7.4 |
| slackware | slackware_linux | 13.37 |
| freebsd | freebsd | 8.3 |
| isc | bind | 9.7.0 |
| isc | bind | 9.8.2 |
| freebsd | freebsd | 8.4 |
| freebsd | freebsd | 8.2 |
| isc | bind | 9.9.2 |
| freebsd | freebsd | 9.0 |
| isc | bind | 9.9.0 |
| fedoraproject | fedora | 18 |
| isc | bind | 9.8.5 |
| slackware | slackware_linux | 12.1 |
| opensuse | opensuse | 11.4 |
| novell | suse_linux | 11 |
| redhat | enterprise_linux | 6.0 |
| isc | bind | 9.7.7 |
| isc | bind | 9.7.2 |
| isc | bind | 9.8.6 |
| mandriva | business_server | 1.0 |
| redhat | enterprise_linux | 5 |
| freebsd | freebsd | 8.1 |
| isc | bind | 9.8.1 |