Page 22 of 140 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. pam_ldap en nss_ldap sobre Red Hat Enterprise Linux 4, Fedora Core 3 y anteriores, y posiblemente otras distribuciones no devuelven una condición de error cuando un servidor de directorio LDAP responde con una respuesta de control PasswordPolicyResponse, lo cual provoca que la función pam_authenticate devuelva código correcto aunque haya fallado, según lo divulgado originalmente para el xscreensaver. • http://bugzilla.padl.com/show_bug.cgi?id=291 http://rhn.redhat.com/errata/RHSA-2006-0719.html http://secunia.com/advisories/22682 http://secunia.com/advisories/22685 http://secunia.com/advisories/22694 http://secunia.com/advisories/22696 http://secunia.com/advisories/22869 http://secunia.com/advisories/23132 http://secunia.com/advisories/23428 http://security.gentoo.org/glsa/glsa-200612-19.xml http://securitytracker.com/id?1017153 http://www.debian.org/security/2006 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 0

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. El nlmclnt_mark_reclaim en clntlock.c en NFS lockd en el kernel de Linux en versiones anteriores a 2.6.16 permite a atacantes remotos provocar una denegación de servicio (caída de proceso) y denegación de acceso a exportaciones NFS a través de vectores no especificados que desencadenan un oops en el kernel (referencia nula) y bloqueo mutuo. • http://marc.info/?l=linux-kernel&m=113476665626446&w=2 http://marc.info/?l=linux-kernel&m=113494474208973&w=2 http://rhn.redhat.com/errata/RHSA-2007-0488.html http://secunia.com/advisories/23361 http://secunia.com/advisories/23384 http://secunia.com/advisories/23752 http://secunia.com/advisories/25838 http://secunia.com/advisories/26289 http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2 • CWE-667: Improper Locking •

CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •