Page 8 of 52 results (0.006 seconds)

CVSS: 5.0EPSS: 1%CPEs: 33EXPL: 0

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. La función asplookup en FreeBSD 5.1 y anteriores, Max OS X anteriores a 10.2.8, y posiblemente otros sistemas basados en BSD, permite a atacantes remotos en una subred local causar una denegación de servicio (agotamiento de recursos y pánico) mediante una inundación de peticiones ARP suplantadas. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc http://docs.info.apple.com/article.html?artnum=61798 •

CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 1

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 http://marc.info/?l=bugtraq&m=106383437615742&w=2 http://marc.info/?l=bugtraq&m=106398718909274&w=2 http://www.debian.org/security/2003/dsa-384 http://www.kb.cert.org/vuls/id/108964 http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 http://www.redhat.com/support/errata/RHSA-2003-283.html http://www.securityfocus.com/bid/8649 http://www •

CVSS: 5.0EPSS: 12%CPEs: 26EXPL: 0

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. • ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727 http://www.kb.cert.org/vuls/id/993452 http://www.mandriva.com/security/advisories?name=MDKSA-2003:086 http://www.novell.com/linux/security/advisories/2003_035_sendmail.html http://www.redhat.com/support/errata/RHSA-2003-265.html http://www.sendmail.org/dnsmap1.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 10.0EPSS: 79%CPEs: 8EXPL: 7

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 96%CPEs: 165EXPL: 1

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Desbordamiento de entero en la función xdrmem_getbytes(), y posiblemente otras funciones, de librerias XDR (representación de datos externos) derivadas de SunRPC, incluyendo libnsl, libc y glibc permite a atacantes remotos ejecutar código arbitrario mediante ciertos valores enteros en campos de longitud. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html http://marc.info/?l=bugtraq&m=104810574423662&w=2 http://marc.info/?l=bugtraq&m=104811415301340&w=2 http://marc.info/?l=bugtraq&m=104860855114117&w=2 http://marc.info/?l=bugtraq&m=104878237121402&w=2 http://marc.info/? •