CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3067
https://notcve.org/view.php?id=CVE-2008-3067
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. sudo en SUSE de openSUSE 10.3 no limpia el búfer stdin cuando se termina el tiempo de introducción de contraseña, lo que podría permitir a usuarios locales obtener una contraseña leyendo stdin del proceso padre después de que comience un proceso sudo hijo. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/43618 • CWE-255: Credentials Management Errors •
CVSS: 5.1EPSS: 0%CPEs: 19EXPL: 0CVE-2008-2667
https://notcve.org/view.php?id=CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors. Una vulnerabilidad de inyección SQL en Courier Authentication Library (también se conoce como courier-authlib) anterior a versión 0.60.6 en openSUSE de SUSE versiones 10.3 y 11.0, y otras plataformas, cuando se utilizan MySQL y un juego de caracteres non-Latin, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del nombre de usuario y otros vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=225407 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30591 http://secunia.com/advisories/30967 http://security.gentoo.org/glsa/glsa-200809-05.xml http://www.courier-mta.org/authlib/changelog.html http://www.mail-archive.com/courier-users%40lists.sourceforge.net/msg31362.html http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1375 – kernel: race condition in dnotify (local DoS, local roothole possible)
https://notcve.org/view.php?id=CVE-2008-1375
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. Una condición de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegación de servicio (OOPS) y posiblemente alcanzar privilegios por medio de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://marc.info/?l=linux-kernel&m=120967963803205&w=2 http://marc.info/?l=linux-kernel&m=120967964303224&w=2 http://secunia.com/advisories/30017 http://secunia.com/advisories/30018 http://secu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2008-0883 – acroread: insecure handling of temporary files
https://notcve.org/view.php?id=CVE-2008-0883
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elección mediante un ataque de enlaces simbólicos en ficheros temporales relativos al manejo de certificados SSL. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29229 http://secunia.com/advisories/29242 http://secunia.com/advisories/29425 http://secunia.com/advisories/31136 http://secunia.com/advisories/31352 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1 http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html http://www.adobe.com/support/security/advisories/apsa08-02.html http://www.gentoo.org/security&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') •