Page 15 of 136 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types

https://notcve.org/view.php?id=CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 2

CVE-2009-0876 – Sun xVM VirtualBox 2.0/2.1 - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. Sun xVM VirtualBox versiones 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2 y 2.1.4r42893 en Linux, permite a los usuarios locales alcanzar privilegios por medio de un ataque de enlace físico, que conserva los bits de setuid/setgid en Linux, relacionado con DT_RPATH:$ORIGIN. • https://www.exploit-db.com/exploits/32848 http://osvdb.org/52580 http://secunia.com/advisories/34232 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1 http://www.openwall.com/lists/oss-security/2009/03/15/1 http://www.openwall.com/lists/oss-security/2009/03/17/2 http://www.securityfocus.com/bid/34080 http://www.securitytracker.com/id?1021841 http://www.virtualbox.org/ticket/3444 http://www.vupen.com/english/advisories/2009/0674 https:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0

CVE-2009-0601

https://notcve.org/view.php?id=CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Una vulnerabilidad de formato de cadena en Wireshark 0.99.8 a 1.0.5 sobre plataformas No-Windows permite a usuarios locales provocar una denegación de servicio (con cuelgue de la aplicacion) a través de especificadores de formato de cadena en la variable de entorno HOME. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/34264 http://wiki.rpath.com/Advisories:rPSA-2009-0040 http://www.securityfocus.com/archive/1/501763/100/0/threaded http://www.securityfocus.com/bid/33690 http://www.securitytracker.com/id?1021697 http://www.vupen.com/english/advisories/2009/0370 http://www.wireshark.org/security/wnpa-sec-2009-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150 https://issue • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0

CVE-2008-5422

https://notcve.org/view.php?id=CVE-2008-5422

Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0

CVE-2008-5423

https://notcve.org/view.php?id=CVE-2008-5423

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. Sun Ray Server Software v3.x y v4.0 y Sun Ray Windows Connector v1.1 y v2.0 exponen la contraseña LDAP durante un paso de configuración, lo que permite a usuarios locales descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y el Administration GUI, mediante vectores no especificados relacionados con el componente utconfig de el Server Software y el componente uttscadm de el Windows Connector. • http://secunia.com/advisories/33108 http://secunia.com/advisories/33119 http://securitytracker.com/id?1021379 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm http://www.securityfocus.com/bid/32772 http://www.vupen.com/english/advisories/2008/3406 http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •