Page 30 of 160 results (0.005 seconds)

CVSS: 10.0EPSS: 76%CPEs: 29EXPL: 0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura "fuera de límites" en un solo byte para ejecutar código arbitrario o modificar datos críticos del programa. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •

CVSS: 2.1EPSS: 0%CPEs: 93EXPL: 0

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. El controlador e1000 del kernel de Linux 2.4.26 y anteriores no inicializa la memoria antes de usarla, lo que permite a usuarios locales leer porciones de la memoria del kernel. NOTA: Este problema ha sido originalmente descrito incorrectamente por otras fuentes como un "desbordamiento de búfer". • ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 http://lwn.net/Articles/91155 http://security.gentoo.org/glsa/glsa-200407-02.xml http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log http://www.mandriva.com/security/advisories?name=MDKSA-2004:062 http://www.novell.com/linux/security/advisories/2004_20_kern •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. XDM en XFree86 abre una un socket TCP chooserFd incluso cuando DisplayManger.requestPort es 0, lo que podría permitir a atacantes remotos conectar al puerto, violando las restricciones pretendidas. • http://bugs.xfree86.org/show_bug.cgi?id=1376 http://secunia.com/advisories/12019 http://securitytracker.com/id?1010306 http://www.ciac.org/ciac/bulletins/p-001.shtml http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073 http://www.openbsd.org/errata.html#xdm http://www.redhat.com/support/errata/RHSA-2004-478.html http://www.securityfocus.com/bid/10423 https://bugzilla.redhat.com/bugz •

CVSS: 2.1EPSS: 0%CPEs: 28EXPL: 0

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." Múltiples vulnerabilidades en Midnight Commander (mc) anteriores a 4.6.0, con impacto desconocido, relacionadas con "creación insegura de ficheros y directorios temporales." • http://security.gentoo.org/glsa/glsa-200405-21.xml http://www.debian.org/security/2004/dsa-497 http://www.mandriva.com/security/advisories?name=MDKSA-2004:039 http://www.novell.com/linux/security/advisories/2004_12_mc.html http://www.redhat.com/support/errata/RHSA-2004-172.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16020 https://access.redhat.com/security/cve/CVE-2004-0231 https://bugzilla.redhat.com/show_bug.cgi?id=1617180 •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. Múltiples desbordamientos de búfer en Midnight Commander (mc) anteriores a 4.6.0 pueden permitir a atacantes causar una denegación de servicio o ejecutar código arbitrario. • http://security.gentoo.org/glsa/glsa-200405-21.xml http://www.debian.org/security/2004/dsa-497 http://www.mandriva.com/security/advisories?name=MDKSA-2004:039 http://www.novell.com/linux/security/advisories/2004_12_mc.html http://www.redhat.com/support/errata/RHSA-2004-172.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16016 https://access.redhat.com/security/cve/CVE-2004-0226 https://bugzilla.redhat.com/show_bug.cgi?id=1617179 •