Page 25 of 150 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E http://rhn.redhat.com/errata/RHSA-2006-0159.html http://secunia.com/advisories/16559 http://secunia.com/advisories/17923 http://secunia.com/advisories/18161 http://secunia.com/advisories/18333 http://secunia.com/advisories/18585 http://securitytracker.com/id?1015093 http://svn.apache.org/viewcvs?rev=292949&view=rev http://www.mandriva.com/security/advisories?name= • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Error de fuera-por-uno en la retrollamda de verificación de Lista de Revocación de Certificados (CRL) de mod_ssl para Apache, cuando se configura para usar un CRL, permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una CRL que causa un desbordamiento de búfer de un byte nule. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://rhn.redhat.com/errata/RHSA-2005-582.html http://secunia.com/advisories/19072 http://secunia.com/advisories/19185 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.debian.org/security/2005/dsa-805 http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 http:/& • CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. • http://secunia.com/advisories/15675 http://securitytracker.com/id?1014181 http://www.redhat.com/support/errata/RHSA-2005-502.html http://www.securityfocus.com/bid/13936 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9522 https://access.redhat.com/security/cve/CVE-2005-1760 https://bugzilla.redhat.com/show_bug.cgi?id=1617664 •

CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. • http://www.redhat.com/support/errata/RHSA-2005-381.html http://www.securityfocus.com/bid/13506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11256 https://access.redhat.com/security/cve/CVE-2005-1194 https://bugzilla.redhat.com/show_bug.cgi?id=1617615 •

CVSS: 3.7EPSS: 0%CPEs: 104EXPL: 0

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www& •