CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1424 – Ubuntu Security Notice USN-2413-1
https://notcve.org/view.php?id=CVE-2014-1424
21 Nov 2014 — apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." apparmor_parser en el paquete apparmor anterior a 2.8.95~2430-0ubuntu5.1 en Ubuntu 14.04 permite a atacantes evadir las políticas AppArmor a través de vectores no especificados, relacionado con un 'fallo en miscompilación.' An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumst... • http://www.ubuntu.com/usn/USN-2413-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1069 – Ubuntu Security Notice USN-2105-1
https://notcve.org/view.php?id=CVE-2013-1069
14 Feb 2014 — Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. Ubuntu Metal como un servicio (MaaS) 1.2 y 1.4 utiliza permisos de lectura para todos para txlongpoll.yaml, lo que permite a usuarios locales obtener credenciales de autenticación de RabbitMQ mediante la lectura del archivo. James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable f... • http://www.ubuntu.com/usn/USN-2105-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2013-1070 – Ubuntu Security Notice USN-2105-1
https://notcve.org/view.php?id=CVE-2013-1070
14 Feb 2014 — Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. Vulnerabilidad de XSS en la API en Ubuntu Metal como un servicio (MaaS) 1.2 y 1.4 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro op hacia nodes/. James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user... • http://www.securityfocus.com/bid/65575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4092
https://notcve.org/view.php?id=CVE-2011-4092
10 Feb 2014 — obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. obby (también conocido como libobby) no verifica certificados de servidor SSL, lo que permite a atacantes remotos falsificar servidores a través de un certificado arbitrario. • http://www.openwall.com/lists/oss-security/2011/10/30/5 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2011-4613 – X.Org xorg 1.4 < 1.11.2 - File Permission Change
https://notcve.org/view.php?id=CVE-2011-4613
05 Feb 2014 — The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. El wrapper de las X de X.org (xserver-wrapper.c) en Debian GNU/Linux and Ubuntu Linux no verifica debidamente la TTY de un usuario que está arrancando las X, lo cual permite a usuarios locales evadir restricciones de acceso mediante ... • https://www.exploit-db.com/exploits/18040 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 91%CPEs: 7EXPL: 2CVE-2013-2186 – commons-fileupload: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2186
16 Oct 2013 — The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a tr... • https://github.com/GrrrDog/ACEDcup • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1066 – Ubuntu Security Notice USN-1958-1
https://notcve.org/view.php?id=CVE-2013-1066
18 Sep 2013 — language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. language-selector 0.110.x anterior a la versión 0.110.1, 0.90.x anterior a 0.90.1 y 0.79.x anterior a la versión 9.79.4 no utiliza adecuadament... • http://secunia.com/advisories/54911 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 113EXPL: 1CVE-2011-1842
https://notcve.org/view.php?id=CVE-2011-1842
03 May 2011 — dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729. dbus_backend/lsd.py en el backend D-Bus de language-selector anteriores a v0.6.7 no valida los argumentos en( 1 )SetSystemDefaultLangEnv y ( 2 )las funciones SetSystemDefaultLanguageEnv,... • http://secunia.com/advisories/44214 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 113EXPL: 0CVE-2011-0729
https://notcve.org/view.php?id=CVE-2011-0729
29 Apr 2011 — dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. dbus_backend/ls-dbus-back-end en el backend de D-Bus en el selector de lenguaje antes de v0.6.7 no restringe el acceso en base al resultado de verificación de PolicyKit, lo que permite a usuarios loca... • http://secunia.com/advisories/44214 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2011-0724
https://notcve.org/view.php?id=CVE-2011-0724
18 Feb 2011 — The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. El Live de Edubuntu v9.10, v10.04 LTS, y v10.10 no regenera correctamente las claves privadas iTALC después de la instalación, lo que hace que cada instalación tenga una clave fija, lo cual permite a atacantes remotos obtener privilegios. • http://www.securityfocus.com/bid/46346 • CWE-310: Cryptographic Issues •