Page 25 of 289 results (0.010 seconds)

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://marc.info/?l=bugtraq&m=111342664116120&w=2 http://secunia.com/advisories/16998 http://secunia.com/advisories/17123 http://secunia.com/advisories/17532 http://secunia&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. Los scripts tpkg-* en el paquete toolchain-source 3.0.4 de Debian GNU/Linux 3.0 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink attack) en ficheros temporales. • http://secunia.com/advisories/14277 http://www.debian.org/security/2005/dsa-679 http://www.securityfocus.com/bid/12540 https://exchange.xforce.ibmcloud.com/vulnerabilities/19317 •

CVSS: 7.5EPSS: 0%CPEs: 146EXPL: 0

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilidades originales. • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 http://www.mandriva.com/security/advisories? •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. • http://www.debian.org/security/2005/dsa-672 https://exchange.xforce.ibmcloud.com/vulnerabilities/19271 •

CVSS: 7.5EPSS: 20%CPEs: 7EXPL: 0

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. • http://fedoranews.org/updates/FEDORA--.shtml http://marc.info/?l=bugtraq&m=110780531820947&w=2 http://secunia.com/advisories/14076 http://securitytracker.com/id?1013045 http://www.debian.org/security/2005/dsa-667 http://www.kb.cert.org/vuls/id/886006 http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.osvdb.org/13319 http://www.redhat.com/support/errata/RHSA-2005-060.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •