Page 15 of 87 results (0.003 seconds)

CVSS: 10.0EPSS: 95%CPEs: 27EXPL: 0

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=110054671403755&w=2 http://marc.info/?l=bugtraq&m=110055646329581&w=2 http://marc.info/?l=bugtraq&m=110330519803655&w=2 http://secunia.com/advisories/13189 http&# •

CVSS: 7.2EPSS: 0%CPEs: 51EXPL: 0

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=110028877431192&w=2 http://marc.info/?l=bugtraq&m=110598298225675&w=2 http://www.debian.org/security/2004/dsa-596 http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 http://www.securityfocus.com/bid/11668 http://www.sudo.ws/sudo/alerts/bash_functions.html http://www.trustix.org/errata/2004/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 https& •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://www.redhat.com/support/errata/RHSA-2004-635.html http://www.securityfocus.com/bid/11618 https://exchange.xforce.ibmcloud.com/vulnerabilities/17985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 https://usn.ubuntu.com/20-1 https://access.redhat.com/security/cve/CVE-2004-0983 https://bugzilla.redhat.com/show_bug.cgi?id=1 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01 https://exchange.xforce.ibmcloud.com/vulnerabilities/17916 •

CVSS: 1.2EPSS: 0%CPEs: 120EXPL: 0

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. Múltiples condiciones de carrera en la capa de terminal de Linux kernel 2.4.x y 2.6.x anteriores a 2.6.9 permiten a usuarios locales obtener porciones de datos del kernel mediante una llamada ioctl TIOCSETD a una interfaz de terminal que esté siendo accedida por otro hilo, o a atacantes remotos causar una denegación de servicio (panic) cambiando de consola a disciplina de línea PPP, y enviando entonces inmediatamente datos que son recibidos durante la conmutación. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 http://marc.info/?l=bugtraq&m=110306397320336&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.redhat.com/support/errata/RHSA-2005-293.html http://www.securityfocus.com/archive/1/379005 http://www.securityfocus.com/bid/11491 http://www.securityfocus.com/bid/11492 https://bugzilla.fedora.us/show_bug.cgi? •