Page 17 of 117 results (0.017 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2006-5170

https://notcve.org/view.php?id=CVE-2006-5170

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. pam_ldap en nss_ldap sobre Red Hat Enterprise Linux 4, Fedora Core 3 y anteriores, y posiblemente otras distribuciones no devuelven una condición de error cuando un servidor de directorio LDAP responde con una respuesta de control PasswordPolicyResponse, lo cual provoca que la función pam_authenticate devuelva código correcto aunque haya fallado, según lo divulgado originalmente para el xscreensaver. • http://bugzilla.padl.com/show_bug.cgi?id=291 http://rhn.redhat.com/errata/RHSA-2006-0719.html http://secunia.com/advisories/22682 http://secunia.com/advisories/22685 http://secunia.com/advisories/22694 http://secunia.com/advisories/22696 http://secunia.com/advisories/22869 http://secunia.com/advisories/23132 http://secunia.com/advisories/23428 http://security.gentoo.org/glsa/glsa-200612-19.xml http://securitytracker.com/id?1017153 http://www.debian.org/security/2006 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-3813

https://notcve.org/view.php?id=CVE-2006-3813

A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. Un error de regresión en el paquete Perl para Red Hat Enterprise Linux 4 omite el parche para CVE-2005-0155, lo cual permite a usuarios locales sobrescribir archivos de su elección sin información de depuración. • http://rhn.redhat.com/errata/RHSA-2006-0605.html http://secunia.com/advisories/21646 http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9456 https://access.redhat.com/security/cve/CVE-2006-3813 https://bugzilla.redhat.com/show_bug.cgi?id=1618172 •

CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 1

CVE-2005-3626

https://notcve.org/view.php?id=CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2005-3629

https://notcve.org/view.php?id=CVE-2005-3629

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://secunia.com/advisories/19162 http://secunia.com/advisories/19532 http://securitytracker.com/id?1015732 http://www.redhat.com/support/errata/RHSA-2006-0015.html http://www.redhat.com/support/errata/RHSA-2006-0016.html http://www.securityfocus.com/bid/17038 https://exchange.xforce.ibmcloud.com/vulnerabilities/25374 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11198 https: •

CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1

CVE-2005-3625

https://notcve.org/view.php?id=CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •