Page 11 of 104 results (0.013 seconds)

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. La configuración predeterminada para autofs 5 (autofs5) en algunas distribuciones de Linux, como Red Hat Enterprise Linux (RHEL) versiones 4 y 5, no especifica la opción de montaje nodev para el mapa -hosts, que permite a los usuarios locales acceder a "important devices" mediante la operación de un servidor NFS remoto y creando archivos de dispositivo especial en ese servidor, como es demostrado por el dispositivo /dev/mem. • http://osvdb.org/40442 http://rhn.redhat.com/errata/RHSA-2007-1176.html http://rhn.redhat.com/errata/RHSA-2007-1177.html http://secunia.com/advisories/28156 http://secunia.com/advisories/28168 http://secunia.com/advisories/28456 http://securitytracker.com/id?1019137 http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 http://www.securityfocus.com/bid/26970 https://bugzilla.redhat.com/show_bug.cgi?id=426218 https://exchange.xforce.ibmcloud.com/vulnerabilities/39188 • CWE-16: Configuration •

CVSS: 4.3EPSS: 10%CPEs: 4EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). La biblioteca Perl-Compatible Regular Expression (PCRE) versiones anteriores a 6.7 no calcula apropiadamente la ubicación de memoria compilada para expresiones regulares que involucran un "subpatrón conteniendo un recursión nombrada ó referencia a subrutina" cuantificado, lo cual permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (error o caída) • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/28041 http://secunia.com/advisories/28658 http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 http://www.pcre.org/changelog.txt http://www.redhat.com/support/errata/RHSA-2007-1059.html http://www.redhat.com/support/errata/RHSA-2007-1068.html http://www.securityfocus.com/bid/26727 https://bugzilla.red •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. Una pérdida de memoria en el parche del kernel de Red Hat Content Accelerator en Red Hat Enterprise Linux (RHEL) versiones 4 y 5, permite a usuarios locales causar una denegación de servicio (consumo de memoria) por medio de un gran número de peticiones abiertas que involucran a O_ATOMICLOOKUP. • http://osvdb.org/44153 http://secunia.com/advisories/27824 http://secunia.com/advisories/28162 http://www.redhat.com/support/errata/RHSA-2007-0993.html http://www.redhat.com/support/errata/RHSA-2007-1104.html http://www.securityfocus.com/bid/26657 http://www.securitytracker.com/id?1019017 https://bugzilla.redhat.com/show_bug.cgi?id=315051 https://exchange.xforce.ibmcloud.com/vulnerabilities/38823 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 3%CPEs: 51EXPL: 0

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. • ftp://aix.software.ibm.com/aix/efixes/security/README http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120352263023774&w=2 http://secunia.com/advisories/27479 http://secunia.com/advisories/27515 http://secunia.com/advisories/27531 http://secunia.com/advisories/27546 http://secunia.com/advisories/27548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •