Lucene search
K

207 matches found

RedHat Linux
RedHat Linux
added 2004/12/08 7:6 p.m.47 views

Important: Red Hat Security Advisory: ImageMagick security update

Updated ImageMagick packages that fixes a buffer overflow are now available. ImageMagickTM is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an...

10CVSS6.1AI score0.05843EPSS
Exploits0References4
Debian
Debian
added 2004/11/09 4:55 p.m.39 views

[SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 591-1 [email protected] http://www.debian.org/security/ Martin Schulze November 9th, 2004 http://www.debian.org/security/faq -...

10CVSS6.8AI score0.28255EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/10/08 12:0 a.m.26 views

RHEL 2.1 / 3 : cyrus-sasl (RHSA-2004:546)

Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. Updated 7th October 2004 Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. The cyrus-sasl package contain...

7.2CVSS5.5AI score0.00506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2004/09/15 3:17 p.m.33 views

Low: Red Hat Security Advisory: mc security update

An updated mc package that resolves several shell escape security issues is now available. Updated 5 January 2005 Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata. Midnight Commander mc is a visual shell much like a file manager. Shell...

7.5CVSS6AI score0.01625EPSS
Exploits0References2
CERT
CERT
added 2004/08/17 12:0 a.m.33 views

CVS "history" command may disclose sensitive information

Overview A vulnerability exists in the history command of Concurrent Versions System CVS. If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System CVS is a...

5CVSS6.2AI score0.024EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.29 views

RHEL 2.1 / 3 : rsync (RHSA-2004:192)

An updated rsync package that fixes a directory traversal security flaw is now available. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to wri...

5CVSS5.3AI score0.03404EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.25 views

RHEL 2.1 / 3 : iproute (RHSA-2003:317)

Updated iproute packages that close a locally-exploitable denial of service vulnerability are now available. The iproute package contains advanced IP routing and network device configuration tools. Herbert Xu reported that iproute can accept spoofed messages sent on the kernel netlink interface b...

4.9CVSS5.5AI score0.00371EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.31 views

RHEL 2.1 : man (RHSA-2003:134)

Updated man packages fix a minor security vulnerability. The man package includes tools for finding information and documentation about commands on a system. Versions of man before 1.51 have a bug where a malformed man file can cause a program named 'unsafe' to be run. To exploit this vulnerabili...

4.6CVSS5.6AI score0.01513EPSS
Exploits1References4
CERT
CERT
added 2004/05/19 12:0 a.m.78 views

CVS contains a heap overflow in the handling of flag insertion

Overview A heap overflow vulnerability in the Concurrent Versions System CVS could allow a remote attacker to execute arbitrary code on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory...

7.5CVSS7.5AI score0.67525EPSS
Exploits1References4
CERT
CERT
added 2004/04/12 12:0 a.m.14 views

BEA WebLogic Server stores administrator password in clear text in config.xml

Overview BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed...

6.9AI score
Exploits0References3
CERT
CERT
added 2004/03/10 12:0 a.m.44 views

Linux kernel mremap(2) system call does not properly check return value from do_munmap() function

Overview A vulnerability in the Linux mremap2 system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of vitrual memory area VMA descriptors to reference valid regions of the page table for a given...

6.6AI score
Exploits0References7
CERT
CERT
added 2004/01/20 12:0 a.m.35 views

Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode

Overview Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges. Description The Linux kernel handles the basic functionality of the operating...

7.2CVSS5.9AI score0.00436EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2003/12/16 2:5 p.m.3 views

Moderate: Red Hat Security Advisory: : Updated lftp packages fix security vulnerability

Updated lftp packages are now available that fix a buffer overflow security vulnerability. lftp is a command-line file transfer program supporting FTP and HTTP protocols. Ulf Härnhammar discovered a buffer overflow bug in versions of lftp up to and including 2.6.9. An attacker could create a...

7.5CVSS6.5AI score0.13677EPSS
Exploits0
CERT
CERT
added 2003/11/04 12:0 a.m.25 views

Multiple vulnerabilities in X.400 implementations

Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center NISCC h...

5CVSS7AI score0.02507EPSS
Exploits0References3
CERT
CERT
added 2003/07/30 12:0 a.m.26 views

SGI IRIX name services daemon (nsd) and modules mishandle AUTH_UNIX gid list

Overview A remotely exploitable vulnerability has been discoved in the "nsd" service for SGI IRIX systems. A remote attacker may be able to gain root access to the vulnerable system. Description A remotely exploitable heap overflow vulnerability has been discovered in a function for the RPC...

10CVSS7AI score0.02897EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2003/06/18 5:27 p.m.26 views

Important: Red Hat Security Advisory: xpdf security update

Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. Updated 21 July 2003 Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System...

7.5CVSS6AI score0.40942EPSS
Exploits0References3
CERT
CERT
added 2003/06/05 12:0 a.m.23 views

Cisco Secure ACS for Windows CSAdmin vulnerable to buffer overflow via login requests

Overview Cisco Secure ACS for Windows contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description Cisco Secure ACS for Windows is an authentication, authorization, and accounting AAA server. From Cisco Security...

7.5CVSS8AI score0.05894EPSS
Exploits0References8
CERT
CERT
added 2003/04/10 12:0 a.m.54 views

Samba contains multiple buffer overflows

Overview Samba contains several buffer overflow vulnerabilitites. At least one of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. Description Samba is a widely used open-source implementation of Server Message Block...

7.7AI score
Exploits0References11
OSV
OSV
added 2003/01/31 12:0 a.m.19 views

DSA-248 hypermail - buffer overflows

Bulletin has no description...

7.5CVSS6.2AI score0.049EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2002/11/07 5:35 p.m.29 views

Critical: Red Hat Security Advisory: krb5 security update

A remotely exploitable stack buffer overflow has been found in the Kerberos v4 compatibility administration daemon distributed with the Red Hat Linux Advanced Server krb5 packages. Updated 09 Jan 2003 Added fixed packages for the Itanium IA64 architecture. Kerberos is a network authentication...

10CVSS5.9AI score0.15105EPSS
Exploits0References3
Rows per page
Query Builder