2921 matches found
CVE-2008-2391
SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service CPU consumption via a pageindex aka data page number of -1...
CVE-2008-2391
CVE-2008-2391 affects SubSonic. The vulnerability allows remote attackers to bypass pagesize limits and trigger a denial-of-service via a pageindex (data page number) of -1, causing CPU consumption. Affected product is SubSonic (details specify improper handling of pageindex values leading to DoS...
CVE-2008-1294
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...
Design/Logic Flaw
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...
CVE-2008-1294
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...
CVE-2008-1294
Mode C: CVE-2008-1294 affects the Linux kernel 2.6.x line (notably 2.6.17 and earlier than 2.6.22). The issue is that RLIMIT_CPU is not validated when a user sets it to 0 until after the change is applied, allowing a local user to bypass CPU time limits. Multiple connected advisories cite this CV...
CVE-2008-1294
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...
krb5 security update
CentOS Errata and Security Advisory CESA-2008:0164 Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network...
RHEL 5 : krb5 (RHSA-2008:0164)
Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...
krb5 security update
CentOS Errata and Security Advisory CESA-2008:0181 Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network...
Critical: Red Hat Security Advisory: krb5 security and bugfix update
Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...
Debian Security Advisory DSA 1222-1 (proftpd)
The remote host is missing an update to proftpd announced via advisory DSA 1222-1. Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the...
pam security, bug fix, and enhancement update
0.99.6.2-3.26 - removed realtime default limits 240123 from the package as it caused regression on machines with nonexistent realtime group 0.99.6.2-3.25 - added and improved translations 219124 - adjusted the default limits for realtime users 240123 0.99.6.2-3.23 - pamunix: truncated MD5 passwor...
Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-346-1)
A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could exploit this to trigger a kernel crash. CVE-2006-2934 A buffer overflow has been discovered in the dvdreadbca function. By inserting a specially...
Ubuntu 5.04 / 5.10 / 6.06 LTS : shadow vulnerability (USN-308-1)
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)
Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid to fail via resource starvation. In that situation, the tools wil...
openSUSE 10 Security Update : cron (cron-1440)
A missing check on the return value of setuid in vixie-cron could be used by a local user to gain root privileges by exhausting resource limits and waiting for a cronjob to trigger. This is tracked by the Mitre CVE ID CVE-2006-2607. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Moderate: kernel security and bugfix update
2.6.9-55.0.6.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...
Max label limit can be passed by adding labels via ajax
For CONF-8978, limits were implemented on how many labels can be added in one submit by various "add label" screens, and how many labels can be set on an edit page/edit news screen. However, there is nothing to prevent extra labels being added by the "add label" screens beyond the number allowed ...
Special proxy software to bypass port easily break limit-vulnerability warning-the black bar safety net
It is well known, the network connection is divided into a Sock, HTTP, FTP, and other types, respectively suitable for different applications. However, sometimes the network is only open 8 0 port for HTTP web browsing. Faced with this situation, we must do nothing? Of course not, in SockOnline th...