Lucene search
K

5067 matches found

Oracle linux
Oracle linux
added 2009/01/27 12:0 a.m.49 views

dovecot security and bug fix update

1.0.7-7 - permissions of deliver and dovecot.conf from 1.0.7-5 reverted - password can be stored in different file readable only for root now - Resolves: 436287, CVE-2008-4870 1.0.7-6 - added missing directory in file list - Resolves: 436287 1.0.7-5 - change permissions of deliver and dovecot.con...

6.4CVSS0.6AI score0.02328EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2009/01/22 10:39 a.m.4 views

kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

7.8CVSS5.8AI score0.0368EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2009/01/21 12:0 a.m.42 views

RHEL 5 : dovecot (RHSA-2009:0205)

An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily writte...

7.5CVSS7.1AI score0.02328EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2009/01/20 3:45 p.m.50 views

Low: Red Hat Security Advisory: dovecot security and bug fix update

An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily writte...

7.5CVSS6.9AI score0.02328EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2008/12/16 7:30 a.m.2 views

kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

7.8CVSS5.8AI score0.0368EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2008/11/27 5:43 p.m.78 views

USN-679-1: Linux kernel vulnerabilities

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...

7.8CVSS7.1AI score0.0368EPSS
Exploits7
myhack58
myhack58
added 2008/11/22 12:0 a.m.27 views

Linux each version of the local root password cracking method-vulnerability warning-the black bar safety net

This time the old met was asked and the various linux versions of the local root password cracking method, I here own and on the network to collect some information, we want to see this article and just used to give the art a little help: A RedHat/CentOS/Fedora system password cracking 1. In the...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/11/14 12:0 a.m.25 views

rPath Linux symbolic links vulnerability

rapa-console init script symbolic links vulnerability...

6.9CVSS1.3AI score0.00349EPSS
Exploits1References1Affected Software2
UbuntuCve
UbuntuCve
added 2008/11/07 7:36 p.m.28 views

CVE-2008-4996

init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is used in a single-user context; there's no possibility that this is exploitable...

6.9CVSS7.2AI score0.00434EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2008/10/21 1:18 a.m.1 views

CVE-2008-4624

PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFGCDIR parameter...

9.3CVSS6.5AI score0.03556EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2008/10/21 12:0 a.m.55 views

openSUSE 10 Security Update : kernel (kernel-5700)

The openSUSE 10.3 kernel was update to 2.6.22.19. This includes bugs and security fixes. CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service crash attack. CVE-2008-3528: The ext234 filesystem code fail...

10CVSS6AI score0.07091EPSS
Exploits11References9
seebug.org
seebug.org
added 2008/10/20 12:0 a.m.42 views

Instant Expert Analysis ActiveX控件任意代码下载和执行漏洞

BUGTRAQ ID: 31752 CVECAN ID: CVE-2008-4385 Instant Expert Analysis允许站点通过单击方式快速分析用户的软硬件。 Instant Expert Analysis对Firefox或Netscape浏览器使用签名的Java Applet(SRLApplet.class,由sysreqlab2.jar或sysreqlab.jar提供),对Internet Explorer使用签名的ActiveX控件(sysreqlab.dll、sysreqlabsli.dll或sysreqlab2.dll)。...

9.3CVSS6.4AI score0.37683EPSS
Exploits4
Prion
Prion
added 2008/10/15 8:7 p.m.24 views

Code injection

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

7.8CVSS6.3AI score0.0368EPSS
Exploits0References25Affected Software1
ATTACKERKB
ATTACKERKB
added 2008/10/15 8:7 p.m.16 views

CVE-2008-4576

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

7.8CVSS5.5AI score0.0368EPSS
Exploits0References26
seebug.org
seebug.org
added 2008/10/09 12:0 a.m.11 views

Linux Kernel SCTP INIT-ACK AUTH扩展远程拒绝服务漏洞

BUGTRAQ ID: 31634 CNCAN ID:CNCAN-2008100908 Linux是一款开放源代码的操作系统。 Linux不正确处理peers之间的不匹配SCTP AUTH扩展设置,本地攻击者可以利用漏洞触发内核Panic,造成拒绝服务攻击。 如果通过SupportedExtensions参数接收到INIT-ACK意味着peer不支持AUTH,报文会不告知的忽略,sctpprocessinit会清除联合中的所有传送。当T1-Init计时器过期时,选择一个不同的init传送可导致OOPS。 Linux kernel 2.6.27 -rc6 Linux kernel 2.6....

6.8AI score
Exploits0
seebug.org
seebug.org
added 2008/10/07 12:0 a.m.40 views

GdPicture Pro 'gdpicture4s.ocx' ActiveX控件任意文件覆盖漏洞

BUGTRAQ ID:31504 CNCAN ID:CNCAN-2008100305 GdPicture Pro是一款支持多格式的图像管理软件。 GdPicture Pro包含的gdpicture4s.ocx ActiveX控件存在设计错误,远程攻击者可以利用漏洞以应用程序权限覆盖系统文件。 SaveAsPDF方法允许通过sFilePath参数建立和覆盖文件,通过使用其他参数,如sTitle,攻击者可以注入HTML代码,使用hcp://协议执行。GdPicturePro5.Imaging也存在此漏洞。 GdPicture GdPicture Pro GdPicture GdPicture...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.15 views

Gentoo Security Advisory GLSA 200411-26 (GIMPS, SETI@home, ChessBrain)

The remote host is missing updates announced in advisory GLSA 200411-26. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.2AI score0.00397EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2008/09/17 12:0 a.m.48 views

Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)

Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz456120 Resolves: rhbz457934 Resolves: rhbz446393 Resolves: rhbz457597 - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim...

6.4CVSS5.6AI score0.99708EPSS
Exploits42References9
NVD
NVD
added 2008/08/18 7:41 p.m.22 views

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

6.2CVSS6.1AI score0.01001EPSS
Exploits6References33
Prion
Prion
added 2008/08/18 7:41 p.m.18 views

Hardcoded credentials

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

6.2CVSS6.3AI score0.01001EPSS
Exploits6References33Affected Software1
Rows per page
Query Builder