| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-4604 |
787 |
1
|
Overflow +Priv |
2010-12-29 |
2022-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe. |
|
2 |
CVE-2010-4599 |
|
|
+Priv |
2010-12-23 |
2011-01-11 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
3 |
CVE-2010-4408 |
79 |
|
+Priv XSS CSRF |
2010-12-06 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. |
|
4 |
CVE-2010-4398 |
119 |
1
|
Overflow +Priv Bypass |
2010-12-06 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." |
|
5 |
CVE-2010-4347 |
269 |
1
|
+Priv |
2010-12-22 |
2023-02-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. |
|
6 |
CVE-2010-4345 |
264 |
1
|
+Priv |
2010-12-14 |
2023-02-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. |
|
7 |
CVE-2010-4297 |
20 |
|
+Priv |
2010-12-06 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. |
|
8 |
CVE-2010-4296 |
863 |
|
+Priv |
2010-12-06 |
2022-12-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. |
|
9 |
CVE-2010-4295 |
362 |
|
+Priv |
2010-12-06 |
2022-12-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. |
|
10 |
CVE-2010-4274 |
264 |
|
+Priv |
2010-11-17 |
2017-08-17 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. |
|
11 |
CVE-2010-4258 |
269 |
|
+Priv Bypass |
2010-12-30 |
2023-02-13 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. |
|
12 |
CVE-2010-4236 |
|
1
|
+Priv |
2010-11-12 |
2018-10-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. |
|
13 |
CVE-2010-4215 |
264 |
|
+Priv |
2010-11-17 |
2017-08-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. |
|
14 |
CVE-2010-4170 |
264 |
1
|
+Priv |
2010-12-07 |
2023-02-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. |
|
15 |
CVE-2010-4167 |
|
|
+Priv |
2010-11-22 |
2018-01-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. |
|
16 |
CVE-2010-4159 |
|
|
+Priv |
2010-11-17 |
2010-12-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
17 |
CVE-2010-4115 |
255 |
|
+Priv |
2010-12-17 |
2018-10-10 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges. |
|
18 |
CVE-2010-4110 |
|
|
DoS +Priv |
2010-12-22 |
2011-01-11 |
5.7 |
None |
Local |
Low |
??? |
Partial |
Partial |
Complete |
|
Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. |
|
19 |
CVE-2010-4031 |
|
|
+Priv |
2010-11-02 |
2017-08-17 |
8.0 |
None |
Remote |
Low |
??? |
Partial |
Complete |
Partial |
|
Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. |
|
20 |
CVE-2010-4026 |
|
|
+Priv |
2010-10-28 |
2010-11-11 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls. |
|
21 |
CVE-2010-4020 |
310 |
|
+Priv |
2010-12-02 |
2020-01-21 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. |
|
22 |
CVE-2010-4005 |
94 |
|
+Priv |
2010-11-06 |
2011-03-01 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. |
|
23 |
CVE-2010-4001 |
264 |
|
+Priv |
2010-11-06 |
2011-09-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script. |
|
24 |
CVE-2010-4000 |
264 |
|
+Priv |
2010-11-06 |
2010-11-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
25 |
CVE-2010-3999 |
|
|
+Priv |
2010-11-05 |
2010-12-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
26 |
CVE-2010-3998 |
|
|
+Priv |
2010-11-06 |
2011-09-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH. |
|
27 |
CVE-2010-3996 |
|
|
+Priv |
2010-11-05 |
2011-01-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
|
28 |
CVE-2010-3992 |
|
|
+Priv |
2010-10-28 |
2010-11-11 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors. |
|
29 |
CVE-2010-3983 |
264 |
|
+Priv |
2010-10-18 |
2010-11-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. |
|
30 |
CVE-2010-3967 |
|
|
+Priv |
2010-12-16 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability." |
|
31 |
CVE-2010-3966 |
|
|
+Priv |
2010-12-16 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability." |
|
32 |
CVE-2010-3965 |
|
|
+Priv |
2010-12-16 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability." |
|
33 |
CVE-2010-3963 |
119 |
|
Overflow +Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability." |
|
34 |
CVE-2010-3961 |
264 |
|
+Priv |
2010-12-16 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability." |
|
35 |
CVE-2010-3959 |
94 |
|
+Priv |
2010-12-16 |
2019-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." |
|
36 |
CVE-2010-3957 |
399 |
|
+Priv |
2010-12-16 |
2019-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability." |
|
37 |
CVE-2010-3956 |
94 |
|
+Priv |
2010-12-16 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability." |
|
38 |
CVE-2010-3944 |
20 |
|
+Priv Mem. Corr. |
2010-12-16 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." |
|
39 |
CVE-2010-3943 |
264 |
|
+Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability." |
|
40 |
CVE-2010-3942 |
119 |
|
Overflow +Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability." |
|
41 |
CVE-2010-3941 |
399 |
|
+Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability." |
|
42 |
CVE-2010-3940 |
399 |
|
+Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability." |
|
43 |
CVE-2010-3939 |
119 |
|
Overflow +Priv |
2010-12-16 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability." |
|
44 |
CVE-2010-3923 |
|
|
+Priv |
2010-12-30 |
2010-12-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. |
|
45 |
CVE-2010-3905 |
287 |
|
+Priv |
2010-12-22 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. |
|
46 |
CVE-2010-3904 |
20 |
|
+Priv |
2010-12-06 |
2020-08-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. |
|
47 |
CVE-2010-3895 |
264 |
1
|
+Priv |
2010-11-12 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
|
48 |
CVE-2010-3889 |
|
|
+Priv |
2010-10-08 |
2018-08-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers. |
|
49 |
CVE-2010-3888 |
|
|
+Priv |
2010-10-08 |
2010-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. |
|
50 |
CVE-2010-3859 |
787 |
|
Overflow +Priv |
2010-12-29 |
2023-02-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. |
