Page 19 of 137 results (0.020 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-2306

https://notcve.org/view.php?id=CVE-2011-2306

Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated." Vulnerabilidad no especificada en Oracle Linux v4 y v5 permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con "Oracle validado". • http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50194 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-6560

https://notcve.org/view.php?id=CVE-2008-6560

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. Desbordamiento de búfer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegación de servicio (consumo de CPU y consumo de memoria) a través de un fichero cluster.conf con muchas líneas. NOTA: no está claro si este problema cruza fronteras de privilegios en usuarios reales del producto. • http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html http://www.ubuntu.com/usn/USN-875-1 https://bugzilla.redhat.com/show_bug.cgi?id=468966 https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0

CVE-2008-4609

https://notcve.org/view.php?id=CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •

CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0

CVE-2007-6283 – bind: /etc/rndc.key has 644 permissions by default

https://notcve.org/view.php?id=CVE-2007-6283

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. Red Hat Enterprise Linux 5 y Fedora instalan el fichero Bind /etc/rndc.key file con permisos de lectura por todos, lo cual permite a usuarios locales realizar comandos no autorizados, como provocar una denegación de servicio por un comando de parada. • http://secunia.com/advisories/28180 http://secunia.com/advisories/30313 http://www.redhat.com/support/errata/RHSA-2008-0300.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html https://access.redhat.com/security/cve/CVE-2007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0

CVE-2007-4137 – QT off by one buffer overflow

https://notcve.org/view.php?id=CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •