Page 2 of 11 results (0.015 seconds)

CVSS: 7.8EPSS: 11%CPEs: 8EXPL: 0

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. Múltiples fugas de memoria en Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 y anteriores, permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores que involucran: (1) la fase de autenticación/asignación y (2) peticiones de búsqueda LDAP anónimas. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 http://secunia.com/advisories/31565 http://secunia.com/advisories/31627 http://secunia.com/advisories/31702 http://secunia.com/advisories/31867 http://secunia.com/advisories/31913 http://securitytracker.com/id?1020774 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html http://www.redhat.com/support/errata/RHSA-2008-0602.html http://www.redhat.com/support/errata/RHSA-2008-0 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. Red Hat Directory Server 7.1 anterior al SP4 usa permisos inseguros para ciertos directorios, lo que permite a usuarios locales modificar archivos JAR y ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/29350 http://www.redhat.com/support/errata/RHSA-2008-0173.html http://www.securityfocus.com/bid/28204 http://www.securitytracker.com/id?1019577 https://exchange.xforce.ibmcloud.com/vulnerabilities/41152 https://access.redhat.com/security/cve/CVE-2008-0890 https://bugzilla.redhat.com/show_bug.cgi?id=436116 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 3%CPEs: 93EXPL: 0

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. • http://marc.info/?l=bugtraq&m=109351293827731&w=2 http://www.securityfocus.com/bid/11015 http://xforce.iss.net/xforce/alerts/id/180 https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. • http://www.atstake.com/research/advisories/2001/a030701-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/6233 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. • https://www.exploit-db.com/exploits/20324 https://www.exploit-db.com/exploits/20325 http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html http://www.iplanet.com/downloads/patches/0122.html http://www.osvdb.org/4086 http://www.osvdb.org/486 http://www.securityfocus.com/bid/1839 https://exchange.xforce.ibmcloud.com/vulnerabilities/5421 •