258 results (0.013 seconds)

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Vulnerabilidad en xfs_metadump en xfsprogs en versiones anteriores a la 3.2.4, no ofusca apropiadamente los datos de archivo, lo cual permite a atacantes remotos obtener información sensible mediante la lectura de una imagen generada. It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164180.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164189.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00027.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00007.html http://oss.sgi.com/pipermail/xfs/2015-July/042726.html http://www.openwall.com/lists/oss-security/2015/07/23/12 http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0

The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. Las secuencias de comandos (1) pcmd y (2) pmlogger en Performance Co-Pilot (PCP) v3.6.10, permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico en un archivo temporal /var/tmp/##### • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html http://www.securityfocus.com/bid/56656 https://bugzilla.novell.com/show_bug.cgi?id=782967 https://bugzilla.redhat.com/show_bug.cgi?id=875842 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 9%CPEs: 13EXPL: 0

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. Múltiples pérdidas de memoria en Performance Co-Pilot (PCP) anterior a v3.6.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o un accidente demonio) a través de un gran número de PDUs con (1) un número de contexto diseñado al función en DoFetch pmcd / src / dofetch.c o (2) un valor de tipo negativo para la función pmGetPDU __ en libpcp / src / pdu.c. • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4 http://oss.sgi.com • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. Performance Co-Pilot (PCP) anterior a v3.6.5 realiza exportaciones de algunos de los sistema de archivos /proc, que permite a los atacantes obtener información confidencial, como proc / pid / maps y los argumentos de línea de comandos. • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 http://www.debian.org/security/2012/dsa-2533 http://www.openwall.com/lists/oss-security/2012/08/16/1 https://b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 4%CPEs: 13EXPL: 0

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." La función pduread en pdu.c en libpcp en Performance Co-Pilot (PCP) anterior a v3.6.5 no realiza el tiempo de espera de conexiones, permitiendo a atacantes remotos provocar una denegación de servicio (pmcd bloquea) mediante el envío de bytes individuales de una PDU por separado , en relación a un "defecto de programación orientada a eventos." • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354 http://www.debian.org& •