992 matches found
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...
Important: Red Hat Security Advisory: Updated kernel packages for Red Hat Enterprise Linux 3 Update 8
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles...
[Full-disclosure] rPSA-2006-0122-1 kernel
rPath Security Advisory: 2006-0122-1 Published: 2006-07-07 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1 References:...
cachefsd heap overflow
Added: 04/05/2006 CVE: CVE-2002-0033 BID: 4674 OSVDB: 779 Background: cachefsd is an RPC service which supports local caching of Network File Systems (NFS), thereby improving performance on filesystems mounted from an NFS server. Problem: A heap overflow in cachefsd allows remote command execution...
squid security update
CentOS Errata and Security Advisory CESA-2006:0052 An updated squid package that fixes a security vulnerability as well as several issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy cachin...
Lighttpd web server source code disclosure
Source code leak on case-insensitive file systems...
Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-178-1)
Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kerne...
[SECURITY] [DSA 922-1] New Linux 2.6.8 packages fix several vulnerabilities
Debian Security Advisory DSA 922-1 http://www.debian.org/security/ Martin Schulze December 14th, 2005 http://www.debian.org/security/faq ...
CVE-2002-2068
The CVE-2002-2068 entry concerns Eraser 5.3 failing to clear Windows alternate data streams (ADS) attached to NTFS files, enabling recovery of data that should be deleted. Affected software: Eraser 5.3; root cause: ADS not cleared. Impact stated: data that was supposed to be deleted can be recove...
CVE-2004-2136
The CVE-2004-2136 entry concerns dm-crypt in the Linux kernel (2.6.x) used on certain filesystems with block sizes of 1024 or greater. The underlying issue is an IV computation weakness in the encryption mode that can allow watermarked files to be detected without decrypting the data. The availab...
CVE-2004-2135
Cryptoloop in Linux kernel 2.6.x, when used on file systems with a block size of 1024 or greater, contains IV computation weaknesses that allow watermarked files to be detected without decryption. The documented impact is PARTIAL confidentiality loss. No exploits, specific remediations, or affect...
CVE-2004-2759
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files...
GLSA-200407-16 : Linux Kernel: Multiple DoS and permission vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-16 Linux Kernel: Multiple DoS and permission vulnerabilities The Linux kernel allows a local attacker to mount a remote file system on a vulnerable Linux host and modify files' group IDs. On 2.4 series kernels this...
Access to Passid EasyDisk encrypted files
Access to Passid EasyDisk encrypted files Software: Passid EasyDisk Vendor: EasyDisk Platforms: Win32 Author: durito Date: 7th July 2004 About Product: Passid EasyDisk is a program designed for encrypting data on EasyDisk flash cards...
RHEL 2.1 : fileutils (RHSA-2003:310)
Updated fileutils packages that close a potential denial of service vulnerability are now available. The fileutils package contains several basic system utilities. One of these utilities is the 'ls' program, which is used to list information about files and directories. Georgi Guninski discovered...
Moderate: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix a security vulnerability affecting the kernel nfs server for Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make...
CVE-2004-2135
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption...
(RHSA-2003:408) Updated kernel packages address security vulnerabilities, bugfixes
The Linux kernel handles the basic functions of the operating system. The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. The Common...
CVE-2003-0976
CVE-2003-0976 concerns the NFS Server (XNFS.NLM) component of Novell NetWare 6.5. The issue arises because exports enforcement can be bypassed when using hostname aliases from sys:\etc\hosts, allowing potentially authorized hosts to mount file systems that XNFS should deny. Affected product: NFS ...
CVE-2002-2067
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...