1907 matches found
Fedora 14 : viewvc-1.1.11-1.fc14 (2011-7222)
security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...
Linux Kernel "execve()"内存扩展"OOM-killer"本地拒绝服务漏洞
BUGTRAQ ID: 45004 CVE ID: CVE-2010-4243 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的"OOM-killer"功能在实现上存在安全漏洞,本地攻击者可利用此漏洞终止不相关的进程,造成拒绝服务。 漏洞源于oomkill函数看不到没有附加到任何线程的已分配内存。 Linux kernel 2.6.24.3 - 2.6.37 RedHat Enterprise Linux Desktop v.5 client 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载...
Month of PHP Security - Summary - 1st May - 10th May
Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on...
MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability
MOPS-2010-013: PHP sqlitearrayquery Uninitialized Memory Usage Vulnerability May 7th, 2010 PHP’s sqlitearrayquery function will use uninitialized memory if it is used with an empty SQL query. This can lead to arbitrary code execution. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP...
MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability
MOPS-2010-012: PHP sqlitesinglequery Uninitialized Memory Usage Vulnerability May 7th, 2010 PHP’s sqlitesinglequery function will use uninitialized memory if it is used with an empty SQL query. This can lead to arbitrary code execution. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is P...
PT-2010-2814 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to 7 Description: The issue allows remote attackers to cause a denial of service, consuming memory and CPU, via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. This is related to the ANI...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted DER encoded data, which is not...
Cacti 'Linux - Get Memory Usage' RCE Vulnerability
Cacti is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
Input validation
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
DEBIAN-CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easi...
[SECURITY] Fedora 11 Update: ocaml-camlimages-3.0.1-7.fc11.2
CamlImages is an image processing library for Objective CAML, which provide s: basic functions for image processing and loading/saving, various image file formats hence providing a translation facility from format to format, and an interface with the Caml graphics library allows to display images...
Null pointer dereference
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
CVE-2009-1895
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
CVE-2009-1895
The vulnerability CVE-2009-1895 affects the Linux kernel’s personality subsystem prior to 2.6.31-rc3, where PER_CLEAR_ON_SETID fails to clear ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO when executing a setuid/setgid program. This enables local users to exploit memory‑layout details to perform NULL poi...