# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
5001 | CVE-2011-2084 | 200 | | +Info | 2012-06-04 | 2012-09-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account. |
5002 | CVE-2011-2083 | 79 | | XSS | 2012-06-04 | 2012-09-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
5003 | CVE-2011-2082 | 255 | | | 2012-06-04 | 2012-09-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. |
5004 | CVE-2011-1941 | 20 | | | 2012-01-26 | 2012-02-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
5005 | CVE-2011-1940 | 79 | | XSS | 2012-01-26 | 2012-11-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. |
5006 | CVE-2011-1927 | | | DoS | 2012-06-13 | 2012-06-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. |
5007 | CVE-2011-1923 | 310 | | | 2012-06-20 | 2013-10-24 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095. |
5008 | CVE-2011-1914 | 119 | | Exec Code Overflow | 2012-02-21 | 2012-02-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. |
5009 | CVE-2011-1833 | 264 | | Bypass | 2012-10-03 | 2014-03-08 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. |
5010 | CVE-2011-1779 | 399 | | DoS | 2012-04-13 | 2012-04-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. |
5011 | CVE-2011-1778 | 119 | | DoS Exec Code Overflow | 2012-04-13 | 2018-01-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. |
5012 | CVE-2011-1777 | 119 | | DoS Exec Code Overflow | 2012-04-13 | 2018-01-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. |
5013 | CVE-2011-1768 | 362 | | DoS | 2012-06-13 | 2012-06-15 | 5.4 | None | Remote | High | Not required | None | None | Complete |
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. |
5014 | CVE-2011-1767 | | | DoS | 2012-06-13 | 2012-06-13 | 5.4 | None | Remote | High | Not required | None | None | Complete |
net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. |
5015 | CVE-2011-1761 | 119 | 1 | DoS Exec Code Overflow | 2012-06-07 | 2013-09-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information. |
5016 | CVE-2011-1759 | 189 | | DoS Overflow +Priv Mem. Corr. | 2012-06-13 | 2012-06-14 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. |
5017 | CVE-2011-1751 | 20 | | DoS Exec Code | 2012-06-21 | 2020-11-02 | 7.4 | None | Local Network | Medium | ??? | Complete | Complete | Complete |
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." |
5018 | CVE-2011-1750 | 119 | | DoS Overflow +Priv | 2012-06-21 | 2017-08-17 | 7.4 | None | Local Network | Medium | ??? | Complete | Complete | Complete |
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. |
5019 | CVE-2011-1573 | 682 | | DoS | 2012-02-02 | 2020-08-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. |
5020 | CVE-2011-1493 | | | DoS Mem. Corr. | 2012-06-21 | 2015-05-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. |
5021 | CVE-2011-1479 | 399 | | DoS | 2012-06-21 | 2012-06-22 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250. |
5022 | CVE-2011-1477 | 264 | | DoS +Priv Mem. Corr. | 2012-06-21 | 2017-11-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. |
5023 | CVE-2011-1476 | 189 | | DoS Mem. Corr. | 2012-06-21 | 2015-05-12 | 4.0 | None | Local | High | Not required | None | None | Complete |
Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer. |
5024 | CVE-2011-1473 | 264 | | DoS | 2012-06-16 | 2021-04-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. |
5025 | CVE-2011-1398 | 20 | | Http R.Spl. Bypass | 2012-08-30 | 2013-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. |
5026 | CVE-2011-1397 | 352 | | CSRF | 2012-03-13 | 2018-01-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. |
5027 | CVE-2011-1396 | 79 | | XSS | 2012-03-13 | 2018-01-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. |
5028 | CVE-2011-1395 | 79 | | XSS | 2012-03-13 | 2018-01-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. |
5029 | CVE-2011-1394 | 399 | | DoS | 2012-03-13 | 2018-01-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session. |
5030 | CVE-2011-1390 | 89 | | Exec Code Sql | 2012-05-14 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. |
5031 | CVE-2011-1389 | 22 | | Exec Code Dir. Trav. | 2012-01-19 | 2017-08-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135. |
5032 | CVE-2011-1386 | 264 | | Bypass | 2012-01-04 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. |
5033 | CVE-2011-1385 | 399 | | DoS | 2012-03-02 | 2018-01-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. |
5034 | CVE-2011-1384 | 59 | | | 2012-01-04 | 2017-08-17 | 4.0 | None | Local | High | Not required | None | Complete | None |
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. |
5035 | CVE-2011-1377 | | | | 2012-01-15 | 2017-08-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors. |
5036 | CVE-2011-1376 | 264 | | | 2012-01-19 | 2017-08-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. |
5037 | CVE-2011-1374 | 119 | | DoS Exec Code Overflow | 2012-11-09 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file. |
5038 | CVE-2011-1362 | 79 | | XSS | 2012-01-15 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308. |
5039 | CVE-2011-1184 | 264 | | Bypass | 2012-01-14 | 2019-03-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. |
5040 | CVE-2011-1162 | 200 | | +Info | 2012-01-27 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. |
5041 | CVE-2011-1160 | 200 | | +Info | 2012-06-21 | 2012-06-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. |
5042 | CVE-2011-1096 | 310 | | | 2012-11-23 | 2021-06-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." |
5043 | CVE-2011-1080 | 20 | | +Info | 2012-06-21 | 2015-05-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. |
5044 | CVE-2011-1079 | 20 | | DoS +Info | 2012-06-21 | 2015-05-06 | 5.4 | None | Local | Medium | Not required | Partial | None | Complete |
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. |
5045 | CVE-2011-1078 | 200 | | +Info | 2012-06-21 | 2015-05-06 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. |
5046 | CVE-2011-1023 | | | DoS | 2012-06-21 | 2012-06-22 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. |
5047 | CVE-2011-1021 | 264 | | | 2012-06-21 | 2012-06-22 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347. |
5048 | CVE-2011-0716 | 399 | | DoS Mem. Corr. | 2012-06-21 | 2016-12-07 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface. |
5049 | CVE-2011-0524 | 119 | | DoS Overflow | 2012-08-13 | 2013-12-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function. |
5050 | CVE-2011-0523 | 264 | | | 2012-08-13 | 2013-12-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. |