Page 2 of 9 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2010-3701 – MRG: remote authenticated DoS in broker

https://notcve.org/view.php?id=CVE-2010-3701

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. lib/MessageStoreImpl.cpp en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 permite a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de la pila de la memoria y caída del sistema) mediante un mensaje persistente grande. • http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=634014 https://bugzilla.redhat.com/show_bug.cgi?id=640006 https://access.redhat.com/security/cve/CVE-2010-3701 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-3083 – MRG: SSL connections to MRG broker can be blocked

https://notcve.org/view.php?id=CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociación SSL. • http://secunia.com/advisories/41710 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch http://www.openwall.com/lists/oss-security/2010/10/08/1 http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=632657 https://access.redhat.com/security/cve/CVE-2010-3083 •

CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 7

CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2009-3620 – kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised

https://notcve.org/view.php?id=CVE-2009-3620

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. El controlador ATI Rage 128 (también conocido como r128), en el Kernel de Linux anterior a v2.6.31-git11 no verifica de forma adecuada el estado de inicialización del "Concurrent Command Engine (CCE)", lo que permite a usuarios locales provocar una denegación de servicio (desreferenciación de puntero nulo y caída del sistema) o posiblemente obtener privilegios a través de llamadas ioctl sin especificar. • http://article.gmane.org/gmane.linux.kernel/892259 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://lists.vmware.com/pipermail/sec • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •