Page 21 of 289 results (0.011 seconds)

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23 http://linux.bkbits.net:8080/linux-2.6/cset%404346883bQBeBd26syWTKX2CVC5bDcA http://secunia.com/advisories/17114 http://secunia.com/advisories/17280 http://secunia.com/advisories/17364 http://secunia.com/advisories/17826 http://secunia.com/advisories/17917 http://secunia.com/advisories/19374 http://www.debian.org/security/2006/dsa-1017 http://www.mandriva.com/security& • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 2.1EPSS: 0%CPEs: 41EXPL: 0

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. • http://bugs.gentoo.org/show_bug.cgi?id=107871 http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0 http://secunia.com/advisories/17037 http://secunia.com/advisories/17038 http://secunia.com/advisories/17040 http://secunia.com/advisories/17142 http://secunia.com/advisories/17182 http://secunia.com/advisories/17215 http://www.debian.org/security/2005/dsa-835 http://www.debian.org/security/2005/dsa-836 http://www. •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. • http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c%401.156?nav=index.html%7Csrc/%7Csrc/fs%7Chist/fs/exec.c http://secunia.com/advisories/17141 http://secunia.com/advisories/18056 http://secunia.com/advisories/18510 http://www.debian.org/security/2005/dsa-922 http://www.mandriva.com/security/advisories?name=MDKSA-2006:072 http://www.redhat.com/support/errata/RHSA-2006-0101.html http://www.securityfocus.com/archive/1/427980/100/0/threaded http://www.securi • CWE-667: Improper Locking •

CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. • http://marc.info/?l=linux-kernel&m=112766129313883 http://secunia.com/advisories/17826 http://secunia.com/advisories/17917 http://secunia.com/advisories/17918 http://secunia.com/advisories/19374 http://secunia.com/advisories/21035 http://secunia.com/advisories/21136 http://secunia.com/advisories/21465 http://secunia.com/advisories/21983 http://secunia.com/advisories/22417 http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm http://support.avaya.com/elmodocs2/security& • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-modssl&m=112569517603897&w=2 http://marc.info/?l=bugtraq&m=112604765028607&w=2 http://marc.info/?l=bugtraq&m=112870296926652&w=2 http://people.apache.org/~jorton/CAN-2005-2700.diff http://secunia.com/advisories/16700 http://secunia.com/advisories/16705 http://secunia.com/advisories/16714 http://secunia.com/advisories/16743 http://secunia.com/advisories/16746 http:&# •