Page 16 of 211 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-6560

https://notcve.org/view.php?id=CVE-2008-6560

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. Desbordamiento de búfer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegación de servicio (consumo de CPU y consumo de memoria) a través de un fichero cluster.conf con muchas líneas. NOTA: no está claro si este problema cruza fronteras de privilegios en usuarios reales del producto. • http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html http://www.ubuntu.com/usn/USN-875-1 https://bugzilla.redhat.com/show_bug.cgi?id=468966 https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 117EXPL: 0

CVE-2008-5516 – gitWeb 1.x Remote Command Execution

https://notcve.org/view.php?id=CVE-2008-5516

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. gitWeb version 1.x suffers from a remote command execution vulnerability. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae http://secunia.com/advisories/33964 http://secunia.com/advisories/34194 http://securityreason.com/securityalert/4919 http://wiki.rpath.com/Advisories:rPSA-2009-0005 http://www.debian.org/security/2009/dsa-1708 http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml http://www.openwall • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-4832

https://notcve.org/view.php?id=CVE-2008-4832

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time. rc.sysinit en el paquete initscripts en sus versiones 8.12-8.21 y 8.56.15-0.1 de rPath permite a usuarios locales borrar archivos arbitrarios a través de un ataque de seguimiento de enlace simbólicos sobre un directorio bajo (1) /var/lock o (2) /var/run. NOTA: Este problema existe debido a una condición de carrera en una incorrecta solución a la vulnerabilidad CVE-2008-3524. NOTA: La explotación podrá exigir un escenario inusual en el que se ejecuta rc.sysinit en un momento distinto al arranque del sistema. • http://secunia.com/advisories/32710 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318 https://exchange.xforce.ibmcloud.com/vulnerabilities/46700 https://issues.rpath.com/browse/RPL-2857 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0

CVE-2007-6283 – bind: /etc/rndc.key has 644 permissions by default

https://notcve.org/view.php?id=CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. Red Hat Enterprise Linux 5 y Fedora instalan el fichero Bind /etc/rndc.key file con permisos de lectura por todos, lo cual permite a usuarios locales realizar comandos no autorizados, como provocar una denegación de servicio por un comando de parada. • http://secunia.com/advisories/28180 http://secunia.com/advisories/30313 http://www.redhat.com/support/errata/RHSA-2008-0300.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html https://access.redhat.com/security/cve/CVE-2007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-5079 – gdm with xdmcp ignoring tcp_wrappers on x86_64

https://notcve.org/view.php?id=CVE-2007-5079

Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. Red Hat Enterprise Linux 4 no compila apropiadamente y enlaza gdm con tcp_wrappers en plataformas x86_64, lo cual podría permitir a atacantes remotos evitar restricciones de acceso intencionadas. • http://www.redhat.com/support/errata/RHSA-2010-0657.html https://bugzilla.redhat.com/show_bug.cgi?id=181302 https://exchange.xforce.ibmcloud.com/vulnerabilities/36791 https://access.redhat.com/security/cve/CVE-2007-5079 •