Page 2 of 12 results (0.027 seconds)

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 1

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. Unity anterior a 7.2.1, utilizado en Ubuntu 14.04, no restringe debidamente acceso al guión cuando la pantalla de bloqueo está activada, lo que permite a atacantes físicamente próximos evadir la pantalla de bloqueo y ejecutar comandos arbitrarios, tal y como fue demostrado presionando la tecla SUPER antes de que la pantalla se bloquee automáticamente. • http://ubuntu.com/usn/usn-2184-1 http://www.openwall.com/lists/oss-security/2014/04/29/2 http://www.openwall.com/lists/oss-security/2014/05/03/1 https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Unity 4.x anteriores a v4.2(1)ES162, 5.x anteriores a v5.0(1)ES56, y 7.x anteriores a v7.0(2)ES8, que permite a los administradores autenticados remotos inyectar una secuencia de comandos web o HTML arbitrarios metiéndolos en la base de datos (también conocida como almacén de datos). • http://secunia.com/advisories/32207 http://securitytracker.com/id?1021012 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=127 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 2%CPEs: 14EXPL: 0

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificación anónima (también conocida como autenticación nativa Unity), permite a atacantes remotos provocar una denegación de servicio (agotamiento de sesión) a través de un gran número de conexiones. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021013 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=128 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45743 • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. Cisco Unity v4.x anteriores a v4.2(1)ES161, v5.x anteriores a v5.0(1)ES53, and v7.x anteriores a v7.0(2)ES8 usa permisos débiles para el directorio D:\CommServer\Reports directory, lo que permite a usuarios remotos autentificados conseguir información sensible, leyendo ficheros en este directorio. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021022 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=130 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45742 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 0

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. Una vulnerabilidad no especificada en Unity de Cisco versiones 4.x anteriores a 4.2 (1) ES161, versiones 5.x anteriores a 5.0 (1) ES53 y versiones 7.x anteriores 7.0 (2) ES8, cuando utiliza autenticación anónima (también conocida como autenticación Unity nativa), permite a los atacantes remotos omitir la autenticación y leer o modificar los parámetros de configuración del sistema yendo hacia un enlace específico más de una vez. • http://secunia.com/advisories/32187 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31638 http://www.securityfocus.com/bid/31642 http://www.securitytracker.com/id?1021011 http://www.voipshield.com/research-details.php?id=126 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45741 • CWE-287: Improper Authentication •