Redhat » Enterprise Linux Workstation : Security Vulnerabilities, CVEs, Published In October 2009
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
Max CVSS
9.9
EPSS Score
0.36%
Published
2009-10-23
Updated
2024-02-15
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-10-19
Updated
2020-08-13
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-10-20
Updated
2023-02-13
3 vulnerabilities found