CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4832
https://notcve.org/view.php?id=CVE-2008-4832
17 Nov 2008 — rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time. rc.sysinit en el paquete initscripts en sus versiones 8.12-8.21 y 8.56.15-0.1 de rPath permite a usuarios locales borrar archivos arbi... • http://secunia.com/advisories/32710 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2007-6283 – bind: /etc/rndc.key has 644 permissions by default
https://notcve.org/view.php?id=CVE-2007-6283
18 Dec 2007 — Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. Red Hat Enterprise Linux 5 y Fedora instalan el fichero Bind /etc/rndc.key file con permisos de lectura por todos, lo cual permite a usuarios locales realizar comandos no autorizados, como provocar una denegación de servicio por un comando de parada. • http://secunia.com/advisories/28180 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5079 – gdm with xdmcp ignoring tcp_wrappers on x86_64
https://notcve.org/view.php?id=CVE-2007-5079
25 Sep 2007 — Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. Red Hat Enterprise Linux 4 no compila apropiadamente y enlaza gdm con tcp_wrappers en plataformas x86_64, lo cual podría permitir a atacantes remotos evitar restricciones de acceso intencionadas. • http://www.redhat.com/support/errata/RHSA-2010-0657.html •
CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
18 Sep 2007 — Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de ... • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3379
https://notcve.org/view.php?id=CVE-2007-3379
17 Sep 2007 — Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. Vulnerabilidad no especificada en el kernel en Red Hat Enterprise Linux (RHEL) 4 sobre la plataforma x86_64 permite a usuarios locales provocar denegación de servicio (OOPS) a través de vectores no especificados relacionados con la función get_gate_vma y el comando fuser. • http://rhn.redhat.com/errata/RHBA-2007-0304.html •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3531
https://notcve.org/view.php?id=CVE-2007-3531
25 Jul 2007 — The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. La función set_default_speeds en backend/backend.c en NVidia NVClock before 0.8b2 permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre el archivo temporal /tmp/nvclock. • http://bugs.gentoo.org/show_bug.cgi?id=184071 •
CVSS: 9.8EPSS: 9%CPEs: 56EXPL: 0CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1352
05 Apr 2007 — Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 •
CVSS: 7.2EPSS: 1%CPEs: 23EXPL: 2CVE-2007-1049 – WordPress Core < 2.09 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1049
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función wp_explain_nonce de la funcionalidad nonce AYS (wp-includes/functions.php) p... • https://www.exploit-db.com/exploits/29598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0476
https://notcve.org/view.php?id=CVE-2007-0476
25 Jan 2007 — The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. La secuencia de comandos gencert.sh, cuando se instala OpenLDAP anterior a la 2.1.30-r10, la 2.2.x anterior a la 2.2.28-r7 y la 2.3.x anterior a la 2.3.30-r2 como en el ebuild del Gentoo Linux, no crea directorios temp... • http://osvdb.org/31617 •
CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 0CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
07 Dec 2006 — A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga re... • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc •