CVE-2008-4639
https://notcve.org/view.php?id=CVE-2008-4639
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
• http://www.openwall.com/lists/oss-security/2008/10/15/5
• http://www.openwall.com/lists/oss-security/2008/10/15/6
• http://www.openwall.com/lists/oss-security/2008/10/16/3
• http://www.openwall.com/lists/oss-security/2009/02/06/5
• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4641
https://notcve.org/view.php?id=CVE-2008-4641
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
• http://www.openwall.com/lists/oss-security/2008/10/15/5
• http://www.openwall.com/lists/oss-security/2008/10/15/6
• http://www.openwall.com/lists/oss-security/2008/10/16/3
• http://www.openwall.com/lists/oss-security/2008/11/26/4
• http://www.securityfocus.com/bid/31921
• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
• CWE-20: Improper Input Validation
CVE-2008-4575
https://notcve.org/view.php?id=CVE-2008-4575
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
• http://secunia.com/advisories/32363
• http://www.openwall.com/lists/oss-security/2008/10/15/6
• http://www.securityfocus.com/bid/31770
• http://www.sentex.net/~mwandel/jhead/changes.txt
• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
• https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
• https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer