Page 16 of 81 results (0.013 seconds)

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2009-5006 – qpid: crash when redeclaring the exchange with specified alternate_exchange

https://notcve.org/view.php?id=CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. La función SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de Apache Qpid en versiones anteriores a la v0.6, tal como es utilizado en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a usuarios autenticados remotos provocar una denegación de servicio (resolución de puntero NULL, caída del demonio, y apagón del cluster) tratando de modificar el suplente de un intercambio. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=811188&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642377 https://issues.apache.org/jira/browse/QPID-2080 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5006 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2010-3701 – MRG: remote authenticated DoS in broker

https://notcve.org/view.php?id=CVE-2010-3701

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. lib/MessageStoreImpl.cpp en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 permite a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de la pila de la memoria y caída del sistema) mediante un mensaje persistente grande. • http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=634014 https://bugzilla.redhat.com/show_bug.cgi?id=640006 https://access.redhat.com/security/cve/CVE-2010-3701 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-3083 – MRG: SSL connections to MRG broker can be blocked

https://notcve.org/view.php?id=CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociación SSL. • http://secunia.com/advisories/41710 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch http://www.openwall.com/lists/oss-security/2010/10/08/1 http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=632657 https://access.redhat.com/security/cve/CVE-2010-3083 •

CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0

CVE-2009-4133 – Condor: queue super user cannot drop privs

https://notcve.org/view.php?id=CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elección, y de ese modo obtener privilegios, usando una herramienta de línea de commandos Condor para modificar un atributo de tarea no especificado. • http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018 http://secunia.com/advisories/37766 http://secunia.com/advisories/37803 http://securitytracker.com/id?1023378 http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000 http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html http://www.redhat.com/support/errata/RHSA-2009-1688.html http://www.redhat.com/support/errata/RHSA-2009-1689.html http://www.securityfocus.com/bid& •

CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 7

CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •