CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2013-2776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2776
08 Apr 2013 — sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CV... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 80EXPL: 7CVE-2013-1775 – Apple Mac OSX - Sudo Password Bypass
https://notcve.org/view.php?id=CVE-2013-1775
04 Mar 2013 — sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. sudo v1.6.0 a la v1.7.10p6 y sudo v1.8.0 a la v1.8.6p6, permite a usuarios locales o físicamente próximos evitar las restricciones de tiempo y mantener los privilegios sin necesidad de reautenticarse, simplemente estableciendo el reloj del sistema y... • https://packetstorm.news/files/id/123032 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1148 – expat: Memory leak in poolGrow
https://notcve.org/view.php?id=CVE-2012-1148
03 Jul 2012 — Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Múltiples fugas de memoria en la función poolGrow en expat/lib/xmlparse.c en expat anteriores a v2.1.0 podría permitir a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un número largo de ... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2009-5078 – Gentoo Linux Security Advisory 201310-14
https://notcve.org/view.php?id=CVE-2009-5078
30 Jun 2011 — contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 lanza el programa Ghostscript sin la opcion -dSAFER, lo que permite a usuarios remotos crear, sobrescribir, renombrar o eliminar archivos de su elección a través de un documento manipulado. OS... • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz • CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2009-5044 – Gentoo Linux Security Advisory 201310-14
https://notcve.org/view.php?id=CVE-2009-5044
24 Jun 2011 — contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 permite sobreescribir ficheros de su elección a los usuarios locales a través de un ataque de enlace simbólico sobre un fichero temporal pdf#####.tmp . OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache,... • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz • CWE-59: Improper Link Resolution Before File Access ('Link Following') •