38 results (0.012 seconds)

CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 4

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. • https://www.exploit-db.com/exploits/1402 http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c http://www.securityfocus.com/archive/1/420677 http://www.securityfocus.com/bid/16122 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.40/SCOSA-2005.40.txt http://secunia.com/advisories/17274 http://securitytracker.com/id?1015099 http://www.idefense.com/application/poi/display?type=vulnerabilities http://www.osvdb.org/20153 http://www.osvdb.org/20154 http://www.securityfocus.com/bid/15160 •

CVSS: 5.6EPSS: 0%CPEs: 121EXPL: 0

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2 http://marc.info/?l=freebsd-security&m=110994370429609&w=2 http://marc.info/?l=openbsd-misc&m=110995101417256&w=2 http://secunia.com/advisories/15348 http://secunia.com/advisories/18165 http://securitytracker.com/id?1013967 http://sunsolve.sun.com/search/document.do? •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt http://secunia.com/advisories/14012 http://www.kb.cert.org/vuls/id/972598 http://www.securityfocus.com/bid/12372 https://exchange.xforce.ibmcloud.com/vulnerabilities/19479 •

CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •