Page 4 of 94 results (0.024 seconds)

CVSS: 5.0EPSS: 14%CPEs: 19EXPL: 5

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. La función vsf_filename_passes_filter de ls.c de vsftpd en versiones anteriores a la 2.3.3 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de toda la CPU y agotamiento de los slots de procesos) a través de una expresión glob modificada en comandos STAT en múltiples sesiones FTP. Una vulnerabilidad distinta a la CVE-2010-2632. Vsftpd versions 2.3.2 on NetBSD and 2.3.0 on Ubuntu suffer from a remote denial of service vulnerability. • https://www.exploit-db.com/exploits/16270 ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 http://cxib.net/stuff/vspoc232.c http://jvn.jp/en/jp/JVN37417423/index.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html http&# • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. Desbordamiento de enteros en la función rds_rdma_pages en net/rds/rdma.c en el núcleo de Linux permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una estructura iovec manipulada en una petición Reliable Datagram Sockets (RDS), que provoca un desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42778 http://secunia.com/advisories/42789 http://secunia.com/advisories/42801 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.ope • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. Múltiples desbordamientos de entero en las funciones (1) pppol2tp_sendmsg de net/l2tp/l2tp_ppp.c, y (2) l2tp_ip_sendmsg de net/l2tp/l2tp_ip.c, en las implementaciones PPPoL2TP y IPoL2TP en el kernel de Linux anterior a v2.6.36.2, permiten a usuarios locales provocar una denegación de servicio (corrupción en el montón de la memoria y pánico) o puede que aumentar privilegios a través de una llamada sendto. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce& • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 3%CPEs: 11EXPL: 0

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. Múltiples desbordamientos inferioreres de buffer en la función x25_parse_facilities en net/x25/x25_facilities.c en el kernel de Linux anteriores a v2.6.36.2 permite a atacantes remotos provocar una denegación de servicio (fallo del sistema) a través de X.25 con formato incorrecto (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B , (3) X25_FAC_CLASS_C, o (4) X25_FAC_CLASS_D, una vulnerabilidad diferente de CVE-2010-3873. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.o • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. Múltiples desbordamientos de entero en fs/bio.c en el kernel de Linux anterior a v2.6.36.2 permite a usuarios locales causar una denegación de servicio (fallo del sistema) a través de un dispositivo ioctl manipulado a un dispositivo SCSI. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb4644cac4a2797afc847e6c92736664d4b0ea34 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://l • CWE-190: Integer Overflow or Wraparound •