Page 6 of 57 results (0.006 seconds)

CVSS: 7.2EPSS: 0%CPEs: 51EXPL: 0

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=110028877431192&w=2 http://marc.info/?l=bugtraq&m=110598298225675&w=2 http://www.debian.org/security/2004/dsa-596 http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 http://www.securityfocus.com/bid/11668 http://www.sudo.ws/sudo/alerts/bash_functions.html http://www.trustix.org/errata/2004/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 https& •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://www.redhat.com/support/errata/RHSA-2004-635.html http://www.securityfocus.com/bid/11618 https://exchange.xforce.ibmcloud.com/vulnerabilities/17985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 https://usn.ubuntu.com/20-1 https://access.redhat.com/security/cve/CVE-2004-0983 https://bugzilla.redhat.com/show_bug.cgi?id=1 •

CVSS: 5.0EPSS: 20%CPEs: 75EXPL: 1

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 http://marc.info/?l=bugtraq&m=109779465621929&w=2 http://secunia.com/advisories/12818 http://securitytracker.com/id?1011674 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do? •

CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 0

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302 http://secunia.com/advisories/12973 http://www.debian.org/security/2004/dsa-603 http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml http://www.redhat.com/support/errata/RHSA-2005-476.html http://www.securityfocus.com/bid/11293 http://www.trustix.org/errata/2004/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106 •

CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. • http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml http://www.trustix.org/errata/2004/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 •