Page 30 of 337 results (0.016 seconds)

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()

https://notcve.org/view.php?id=CVE-2014-2678

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html http://secunia.com/advisories/59386 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://www.securityfocus.com/bid/66543 https://lkml.org/lkml/2014/3/29/188 https://access.redhat.com/security/cve/CV • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 96%CPEs: 31EXPL: 2

CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service

https://notcve.org/view.php?id=CVE-2013-5211

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013. Detect UDP endpoints with UDP amplification vulnerabilities. • https://www.exploit-db.com/exploits/33073 https://github.com/0xhav0c/CVE-2013-5211 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://bugs.ntp.org/show_bug.cgi?id=1532 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://marc.info/?l=bugtraq&m=144182594518 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-2306

https://notcve.org/view.php?id=CVE-2011-2306

Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated." Vulnerabilidad no especificada en Oracle Linux v4 y v5 permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con "Oracle validado". • http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50194 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-6560

https://notcve.org/view.php?id=CVE-2008-6560

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. Desbordamiento de búfer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegación de servicio (consumo de CPU y consumo de memoria) a través de un fichero cluster.conf con muchas líneas. NOTA: no está claro si este problema cruza fronteras de privilegios en usuarios reales del producto. • http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html http://www.ubuntu.com/usn/USN-875-1 https://bugzilla.redhat.com/show_bug.cgi?id=468966 https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 117EXPL: 0

CVE-2008-5516 – gitWeb 1.x Remote Command Execution

https://notcve.org/view.php?id=CVE-2008-5516

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. gitWeb version 1.x suffers from a remote command execution vulnerability. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae http://secunia.com/advisories/33964 http://secunia.com/advisories/34194 http://securityreason.com/securityalert/4919 http://wiki.rpath.com/Advisories:rPSA-2009-0005 http://www.debian.org/security/2009/dsa-1708 http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml http://www.openwall • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •