Page 31 of 206 results (0.007 seconds)

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. OpenSSH 3.0.1 y anteriores con UseLogin activado no limpia variables de entorno críticas como LD_PRELOAD, lo que permite a usuario locales ganar privilegios de root. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092 http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html http://marc.info/?l=bugtraq&m=100749779131514&w=2 http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2 http://www.ciac.org/ciac/bulletins/m-026.shtml http://www.debian.org/security/2001/dsa- •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. Vulnerabilidad de cadena de formato en la función de retrollamada (callback) en common.c en la librería Cyrus SASL (cyrus-sasl) podría permitr a atacantes remotos ejecutar comandos de su elección. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000444 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:018 http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3 http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt http://www.redhat.com/support/errata/RHSA-2001-150.html http://www.redhat.com/support/errata/RHSA-2001-151.html http://www.securityfocus&# •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432 http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3 http://www.linuxsecurity.com/advisories/other_advisory-1683.html http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html http://www.redhat.com/support/errata/RHSA-2001-142.html https://exchange.xforce.ibmcloud.com/vulnerabilities/7461 https://access.redhat.com/security •

CVSS: 6.4EPSS: 1%CPEs: 12EXPL: 0

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 http://marc.info/?l=bugtraq&m=100260195401753&w=2 http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593 http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt http://www.debian.org/security/2001/dsa-080 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3 http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html http://www •

CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely. • http://www.novell.com/linux/security/advisories/2001_041_susehelp_txt.html http://www.securityfocus.com/bid/3576 https://exchange.xforce.ibmcloud.com/vulnerabilities/7583 •