Page 2 of 17 results (0.007 seconds)

CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16180 •

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16179 •

CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060 http://www.mandriva.com/security/advisories?name=MDKSA-2004:045 http://www.securityfocus.com/bid/10370 https://exchange.xforce.ibmcloud.com/vulnerabilities/16178 •

CVSS: 7.2EPSS: 0%CPEs: 51EXPL: 0

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=110028877431192&w=2 http://marc.info/?l=bugtraq&m=110598298225675&w=2 http://www.debian.org/security/2004/dsa-596 http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 http://www.securityfocus.com/bid/11668 http://www.sudo.ws/sudo/alerts/bash_functions.html http://www.trustix.org/errata/2004/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 https& •

CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 0

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302 http://secunia.com/advisories/12973 http://www.debian.org/security/2004/dsa-603 http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml http://www.redhat.com/support/errata/RHSA-2005-476.html http://www.securityfocus.com/bid/11293 http://www.trustix.org/errata/2004/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106 •