Page 5 of 37 results (0.016 seconds)

CVSS: 3.6EPSS: 0%CPEs: 45EXPL: 0

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. • http://marc.info/?l=bugtraq&m=112690609622266&w=2 http://secunia.com/advisories/16747 http://secunia.com/advisories/17073 http://secunia.com/advisories/17918 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 http://www.redhat.com/support/errata/RHSA-2005-514.html http://www.securityfocus.com/archive/1/419522/100/0/threaded htt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-modssl&m=112569517603897&w=2 http://marc.info/?l=bugtraq&m=112604765028607&w=2 http://marc.info/?l=bugtraq&m=112870296926652&w=2 http://people.apache.org/~jorton/CAN-2005-2700.diff http://secunia.com/advisories/16700 http://secunia.com/advisories/16705 http://secunia.com/advisories/16714 http://secunia.com/advisories/16743 http://secunia.com/advisories/16746 http:&# •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/15447 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.gentoo.org/show_bug.cgi?id=90626 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/19183 http://secunia.com/advisories/2 •

CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff http://marc.info/?l=bugtraq&m=111419664411051&w=2 http://secunia.com/advisories/15060 http://www.kde.org/info/security/advisory-20050420-1.txt http://www.securityfocus.com/bid/13313 •