CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2020-8016 – race condition in the packaging of texlive-filesysten
https://notcve.org/view.php?id=CVE-2020-8016
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. Una vulnerabilidad de Condición de Carrera habilitando un Seguimiento de Enlace en el paquete de texlive-filesystem de SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1, permite a los usuarios locales corromper archivos o escalar potencialmente privilegios. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html https://bugzilla.suse.com/show_bug.cgi?id=1159740 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 6CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 19%CPEs: 15EXPL: 0CVE-2011-4517 – jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
https://notcve.org/view.php?id=CVE-2011-4517
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. La función jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un cálculo determinado de tamaño, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria dinámica y ejecutar código arbitrario, o provocar una denegación de servicio (corrupción de memoria dinámica), a través de un archivo JPEG2000 mal formado. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://osvdb.org/77596 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 10%CPEs: 14EXPL: 0CVE-2011-4516 – jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
https://notcve.org/view.php?id=CVE-2011-4516
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. Desbordamiento de buffer de memoria dinámica en la función jpc_cox_getcompparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un valor numrlvls de un archivo JPEG2000. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://osvdb.org/77595 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1526 – krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
https://notcve.org/view.php?id=CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. ftpd.c en el demonio GSS-API FTP en MIT Kerberos Version 5 Applications (también conocido como krb5-appl) v1.0.1 y anteriores no comprueban el valor de retorno krb5_setegid, lo que permite que usuarios autenticados de forma remota evitar las restricciones de acceso de grupo, y crear, sobreescribir, borrar, o leer ficheros, a través de comandos FTP estándar, relacionado con test autoconfigurados olvidados en un script configurado. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5_setegid() function call. On systems where the set real, set effective, or set saved group ID system calls might fail, a remote FTP user could use this flaw to gain unauthorized read or write access to files that were owned by the root group. • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-269: Improper Privilege Management •