Xorl

#10285of 53,634
26.9Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2010-5383
7.5
2010-12-07
Cisco · Clamav · CVE-2010-4261
**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.96.5 **Description** The issue is related to an off-by-one error in the icon cb function in pe icons.c in libclamav. This error can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or potentially execute arbitrary code. **Recommendations** For versions prior to 0.96.5, update to version 0.96.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the icon cb function in pe icons.c until the update is applied.
PT-2010-5489
7.5
2010-12-07
Cisco · Clamav · CVE-2010-4479
**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.96.5 **Description** The issue is related to a crafted PDF document that can cause a denial of service or possibly execute arbitrary code. **Recommendations** For versions prior to 0.96.5, update to version 0.96.5 or later to resolve the issue.
PT-2009-5980
7.2
2009-11-06
Linux · Linux Kernel · CVE-2009-3725
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.31.5 **Description** The issue allows local users to bypass intended access restrictions and gain privileges via calls to functions in certain subsystems, including `uvesafb`, `pohmelfs`, `dst`, and `dm`. This is due to the connector layer not requiring the `CAP SYS ADMIN` capability for interaction with these subsystems. **Recommendations** For Linux kernel versions prior to 2.6.31.5, update to version 2.6.31.5 or later to resolve the issue.
PT-2009-5207
4.7
2009-08-18
Linux · Linux Kernel · CVE-2009-2849
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.30.2 **Description** The issue allows local users to cause a denial of service, specifically a NULL pointer dereference, through vectors related to "suspend * sysfs attributes" and the `suspend lo store` or `suspend hi store` functions. This is only considered a vulnerability when sysfs is writable by an attacker. **Recommendations** For Linux kernel versions prior to 2.6.30.2, update to version 2.6.30.2 or later to resolve the issue. As a temporary workaround, consider restricting write access to sysfs to prevent exploitation.