Page 2 of 8 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4

CVE-2019-17080 – mintinstall 7.9.9 - Code Execution

https://notcve.org/view.php?id=CVE-2019-17080

mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports. mintinstall (también se conoce como Software Manager) versión 7.9.9 para Linux Mint, permite la ejecución de código si un atacante controla un archivo de REVIEWS_CACHE, ya que se produce un unpickle. Esto se resuelve en 8.0.0 y backports. mintinstall version 7.9.9 suffers from an object injection vulnerability. • https://www.exploit-db.com/exploits/47457 http://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html https://forums.linuxmint.com/viewtopic.php?f=143&t=302960 https://github.com/Andhrimnirr/Mintinstall-object-injection https://github.com/linuxmint/mintinstall/blob/master/debian/changelog • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-13054

https://notcve.org/view.php?id=CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. Se ha descubierto un problema en Cinnamon, desde la versión 1.9.2 hasta la 3.8.6. • https://bugzilla.suse.com/show_bug.cgi?id=1083067 https://github.com/linuxmint/Cinnamon/pull/7683 https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-1949

https://notcve.org/view.php?id=CVE-2014-1949

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. GTK+ 3.10.9 y anteriores, utilizado en cinnamon-screensaver, gnome-screensaver, y otras aplicaciones, permite a atacantes físicamente próximos evadir la pantalla de bloqueo mediante la activación del botón del menú. • http://advisories.mageia.org/MGASA-2014-0374.html http://seclists.org/oss-sec/2014/q1/327 http://seclists.org/oss-sec/2014/q1/331 http://www.mandriva.com/security/advisories?name=MDVSA-2015:162 http://www.ubuntu.com/usn/USN-2475-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145 https://bugzilla.redhat.com/show_bug.cgi?id=1064695 https://github.com/linuxmint/cinnamon-screensaver/issues/44 • CWE-284: Improper Access Control •