See also related topics
18.08.2018 CVE-2008-3703 The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
15.08.2018 SYM08-015: Veritas Storage Foundation for Windows Volume Manager Scheduler Service for Windows Security Update Circumvention It is possible to circumvent the security patch that resolved a previously identified authentication bypass, remote code execution vulnerability in the Veritas Storage Foundation for Windows v5.0 Volume Manager Scheduler Service.
03.09.2018 CVE-2008-3901 Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
16.10.2018 [ MDVA-2008:146 ] kdegames4 The kdegames4 package included in 2009.0 contains a bug, where the kdegames4-devel package did not require corresponding library packages, leading to broken symbolic links when linking kdegames.
28.10.2018 Security Vulnerability in the Search Feature of the Sun Java System LDAP JDK A security vulnerability in the search feature of the Sun Java System LDAP JDK may allow local unprivileged users to gain access to unauthorized information from applications that use the LDAP JDK library.
19.12.2018 CVE-2008-5684 Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
25.12.2018 AIST NetCat <= 3.12 Blind SQL Injection Exploit Target: AIST NetCat 3.12 and earlier versions. Impact: SQL injection.
26.10.2018 Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function A security vulnerability in the SSL_get_shared_ciphers() function within the OpenSSL library shipped with Solaris 10 may affect applications which make use of this function.
15.01.2018 CVE-2009-0125 ** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification."
26.01.2018 Blue Eye CMS <= 1.0.0 (clanek) Blind SQL Injection Exploit Target: Blue Eye CMS 1.0.0 and earlier versions. Impact: SQL injection.