Page 7 of 40 results (0.006 seconds)

CVSS: 3.6EPSS: 0%CPEs: 45EXPL: 0

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. • http://marc.info/?l=bugtraq&m=112690609622266&w=2 http://secunia.com/advisories/16747 http://secunia.com/advisories/17073 http://secunia.com/advisories/17918 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1 http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 http://www.redhat.com/support/errata/RHSA-2005-514.html http://www.securityfocus.com/archive/1/419522/100/0/threaded htt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-modssl&m=112569517603897&w=2 http://marc.info/?l=bugtraq&m=112604765028607&w=2 http://marc.info/?l=bugtraq&m=112870296926652&w=2 http://people.apache.org/~jorton/CAN-2005-2700.diff http://secunia.com/advisories/16700 http://secunia.com/advisories/16705 http://secunia.com/advisories/16714 http://secunia.com/advisories/16743 http://secunia.com/advisories/16746 http:&# •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. • http://secunia.com/advisories/16412 http://secunia.com/advisories/17463 http://securitytracker.com/id?1014636 http://www.debian.org/security/2005/dsa-892 http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.osvdb.org/18696 http://www.securiteam.com/unixfocus/5DP0J00GKE.html http://www.securityfocus.com/bid/14525 https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/15447 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.gentoo.org/show_bug.cgi?id=90626 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/19183 http://secunia.com/advisories/2 •