Lucene search
K

2921 matches found

NVD
NVD
added 2008/05/21 1:24 p.m.12 views

CVE-2008-2391

SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service CPU consumption via a pageindex aka data page number of -1...

7.8CVSS6.6AI score0.01947EPSS
Exploits0References5
CVE
CVE
added 2008/05/21 10:0 a.m.34 views

CVE-2008-2391

CVE-2008-2391 affects SubSonic. The vulnerability allows remote attackers to bypass pagesize limits and trigger a denial-of-service via a pageindex (data page number) of -1, causing CPU consumption. Affected product is SubSonic (details specify improper handling of pageindex values leading to DoS...

7.8CVSS6.7AI score0.01947EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2008/05/02 4:5 p.m.20 views

CVE-2008-1294

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...

2.1CVSS7.2AI score0.00526EPSS
Exploits0References12
Prion
Prion
added 2008/05/02 4:5 p.m.17 views

Design/Logic Flaw

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...

2.1CVSS6.1AI score0.00526EPSS
Exploits0References12Affected Software1
UbuntuCve
UbuntuCve
added 2008/05/02 4:5 p.m.45 views

CVE-2008-1294

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...

2.1CVSS5.9AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2008/05/02 4:0 p.m.71 views

CVE-2008-1294

Mode C: CVE-2008-1294 affects the Linux kernel 2.6.x line (notably 2.6.17 and earlier than 2.6.22). The issue is that RLIMIT_CPU is not validated when a user sets it to 0 until after the change is applied, allowing a local user to bypass CPU time limits. Multiple connected advisories cite this CV...

2.1CVSS7.2AI score0.00526EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2008/05/02 4:0 p.m.22 views

CVE-2008-1294

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMITCPU to 0 until after the change is made, which allows local users to bypass intended resource limits...

7.2AI score0.00526EPSS
Exploits0References12
Cent OS
Cent OS
added 2008/03/19 12:46 a.m.75 views

krb5 security update

CentOS Errata and Security Advisory CESA-2008:0164 Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network...

10CVSS7.5AI score0.10141EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2008/03/19 12:0 a.m.32 views

RHEL 5 : krb5 (RHSA-2008:0164)

Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...

10CVSS8.5AI score0.10141EPSS
Exploits2References11
Cent OS
Cent OS
added 2008/03/18 8:48 p.m.76 views

krb5 security update

CentOS Errata and Security Advisory CESA-2008:0181 Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network...

9.8CVSS7.2AI score0.10141EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2008/03/18 7:26 p.m.36 views

Critical: Red Hat Security Advisory: krb5 security and bugfix update

Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...

10CVSS7.5AI score0.10141EPSS
Exploits2References11
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.27 views

Debian Security Advisory DSA 1222-1 (proftpd)

The remote host is missing an update to proftpd announced via advisory DSA 1222-1. Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the...

10CVSS1.4AI score0.74254EPSS
Exploits5
Oracle linux
Oracle linux
added 2007/11/19 12:0 a.m.42 views

pam security, bug fix, and enhancement update

0.99.6.2-3.26 - removed realtime default limits 240123 from the package as it caused regression on machines with nonexistent realtime group 0.99.6.2-3.25 - added and improved translations 219124 - adjusted the default limits for realtime users 240123 0.99.6.2-3.23 - pamunix: truncated MD5 passwor...

4.3CVSS0.3AI score0.02342EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.40 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-346-1)

A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could exploit this to trigger a kernel crash. CVE-2006-2934 A buffer overflow has been discovered in the dvdreadbca function. By inserting a specially...

7.8CVSS6.5AI score0.1569EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.22 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : shadow vulnerability (USN-308-1)

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...

7.2CVSS5.6AI score0.00341EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.42 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)

Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid to fail via resource starvation. In that situation, the tools wil...

7.2CVSS7.9AI score0.00512EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.21 views

openSUSE 10 Security Update : cron (cron-1440)

A missing check on the return value of setuid in vixie-cron could be used by a local user to gain root privileges by exhausting resource limits and waiting for a cronjob to trigger. This is tracked by the Mitre CVE ID CVE-2006-2607. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

7.2CVSS5.4AI score0.00565EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2007/09/05 12:0 a.m.43 views

Moderate: kernel security and bugfix update

2.6.9-55.0.6.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...

6.9CVSS0.2AI score0.00407EPSS
Exploits0
Atlassian
Atlassian
added 2007/08/02 10:47 p.m.19 views

Max label limit can be passed by adding labels via ajax

For CONF-8978, limits were implemented on how many labels can be added in one submit by various "add label" screens, and how many labels can be set on an edit page/edit news screen. However, there is nothing to prevent extra labels being added by the "add label" screens beyond the number allowed ...

1.4AI score
Exploits0
myhack58
myhack58
added 2007/07/25 12:0 a.m.15 views

Special proxy software to bypass port easily break limit-vulnerability warning-the black bar safety net

It is well known, the network connection is divided into a Sock, HTTP, FTP, and other types, respectively suitable for different applications. However, sometimes the network is only open 8 0 port for HTTP web browsing. Faced with this situation, we must do nothing? Of course not, in SockOnline th...

6.9AI score
Exploits0
Rows per page
Query Builder