Page 14 of 83 results (0.030 seconds)

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0

CVE-2009-1903

https://notcve.org/view.php?id=CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. La funcionalidad de protección de PDF XSS en ModSecurity anterior a v2.5.8, permite a atacantes remotos provocar una denegación de servicio (caída del httpd Apacche) a través de una petición a un archivo PDF que no emplea el método GET. • http://secunia.com/advisories/34256 http://secunia.com/advisories/34311 http://secunia.com/advisories/35687 http://security.gentoo.org/glsa/glsa-200907-02.xml http://sourceforge.net/project/shownotes.php?release_id=667538 http://www.osvdb.org/52552 http://www.securityfocus.com/bid/34096 http://www.vupen.com/english/advisories/2009/0703 https://exchange.xforce.ibmcloud.com/vulnerabilities/49211 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html https:/ •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2009-1603

https://notcve.org/view.php?id=CVE-2009-1603

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. Vulnerabilidad en src/tools/pkcs11-tool.c en pkcs11-tool de OpenSC v0.11.7. Cuando se utiliza con modulos PKCS#11 de terceras partes sin especificar, genera claves RSA con exponentes públicos incorrectos, lo que permite a usuarios remotos leer en texto claro mensajes que se pretendió que fueran encriptados. • http://secunia.com/advisories/35035 http://secunia.com/advisories/35293 http://secunia.com/advisories/35309 http://secunia.com/advisories/36074 http://security.gentoo.org/glsa/glsa-200908-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:123 http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html http://www.openwall.com/lists/oss-security/2009/05/08/1 http://www.vupen.com/english/advisories/2009/1295 https://www.redhat.com/archives • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 1

CVE-2009-1573

https://notcve.org/view.php?id=CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. xvfb-run v1.6.1 en Debian GNU/Linux, Ubuntu, Fedora 10 y posiblemente otros sistemas operativos, ubican la magic cookie (MCOOKIE) en la línea de comandos, lo que permite a usuarios locales obtener privilegios listando los procesos y sus argumentos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 http://secunia.com/advisories/39834 http://www.openwall.com/lists/oss-security/2009/05/05/2 http://www.openwall.com/lists/oss-security/2009/05/05/4 http://www.securityfocus.com/bid/34828 http://www.ubuntu.com/usn/USN-939-1 http://www.vupen.com/english/advisories/2010/1185 https://exchange.xforce.ibmcloud.com/vulnerabilities/50348 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-6755

https://notcve.org/view.php?id=CVE-2008-6755

ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. ZoneMinder v1.23.3 en Fedora 10 establece la propiedad de /etc/zm.conf a la cuenta de usuario de apache, y establece los permisos a 0600, lo cual facilita a los atacantes remotos la modificación de este archivo para acceder a él a través de un archivo de secuencias de comandos PHP (1) o CGI (2). • https://bugzilla.redhat.com/show_bug.cgi?id=476529 https://exchange.xforce.ibmcloud.com/vulnerabilities/50324 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2009-1186

https://notcve.org/view.php?id=CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Desbordamiento de búfer en la función util_path_encode en udev/lib/libudev-util.c en udev antes de v1.4.1 permite a usuarios locales provocar una denegación de servicio (parada del servicio) mediante vectores que disparan una llamada con argumentos manipulados. • http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=662c3110803bd8c1aedacc36788e6fd028944314 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html http://secunia.com/advisories/34731 http://secunia.com/advisories/34750 http://secunia.com/advisories/34753 http://secunia.com/advisories/34771 http://secunia.com/advisories/34776 http://secunia.com/advisories/34785 http://secunia.com/advisories/34787 http://secunia.com/advisories/34801 http://slackware.com/sec • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •