CVSS: 6.9EPSS: 0%CPEs: 44EXPL: 0CVE-2013-4169 – gdm: TOCTTOU race condition on /tmp/.X11-unix
https://notcve.org/view.php?id=CVE-2013-4169
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. GNOME Display Manager (gdm) anteriores a 2.21.1 permiten a usuarios locales cambiar permisos de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre /tmp/.X11-unix/. • http://rhn.redhat.com/errata/RHSA-2013-1213.html http://secunia.com/advisories/54661 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498 https://access.redhat.com/security/cve/CVE-2013-4169 https://bugzilla.redhat.com/show_bug.cgi?id=988498 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 2.1EPSS: 0%CPEs: 226EXPL: 0CVE-2009-1276
https://notcve.org/view.php?id=CVE-2009-1276
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. XScreenSaver en Sun Solaris v10 and OpenSolaris anteriores a snv_109, y Solaris v8 y v9 con GNOME v2.0 o v2.0.2, permite a atacantes próximos físicamente conseguir información sensible, leyendo las ventanas "PopUp"s, que se muestran cuando la pantalla se bloquea, como se demostró en las notificaciones de nuevo mensaje de Thunderbird. • http://securitytracker.com/id?1022009 http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-22-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255308-1 http://www.securityfocus.com/bid/34421 http://www.vupen.com/english/advisories/2009/0978 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2003-0070
https://notcve.org/view.php?id=CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. El emulador de terminal gnome-terminal permite a atacantes modificar el título de la ventana mediante cierta secuencia de carácter de escape, y a continuación volver a insertarlo en la línea de comandos del terminal del usuario, lo que podría permitir al atacante ejecutar comandos arbitrarios. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://seclists.org/lists/bugtraq/2003/Mar/0010.html http://www.iss.net/security_center/static/11414.php http://www.redhat.com/support/errata/RHSA-2003-053.html •