CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0365 – NetworkManager: GetSecrets disclosure
https://notcve.org/view.php?id=CVE-2009-0365
05 Mar 2009 — nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. El manipulador de peticiones dbus en (1) network-manager-applet y (2) NetworkManager en Ubuntu v6.06 LTS, v7.10, v8.04 LTS, and v8.10 no verifica adecuadamente los privilegios, lo que permite a usuarios locales descubrir (a)las contraseñas de la conexión de red y... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0578 – NetworkManager: local users can modify the connection settings
https://notcve.org/view.php?id=CVE-2009-0578
05 Mar 2009 — GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. network-manager-applet en Ubuntu 8.10 no verifica adecuadamente los privilegios para las peticiones dbus(1) "modify" y (2) "delete", lo que permite a usuarios locales modificar o eliminar las conexiones de red de... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2008-5103
https://notcve.org/view.php?id=CVE-2008-5103
17 Nov 2008 — The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. Las implementaciones (1) python-vm-builder y (2) ubuntu-vm-builder en VMBuilder v0.9 en Ubuntu v8.10 omiten la opción -e cuando invocan chpasswd con un argumento root:!, lo cual configura la cuenta raí... • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2008-5104
https://notcve.org/view.php?id=CVE-2008-5104
17 Nov 2008 — Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. Ubuntu 6.06 LTS, 7.10, 8.04 LTS y 8.10, cuando está instalado como una máquina virtual por (1) python-vm-builder o (2) ubuntu-vm-builder en VMBuilder 0.9 en Ubuntu 8.10, tiene un ! (signo de exclamación) como la contraseña por defe... • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 2%CPEs: 64EXPL: 0CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o te... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2008-0172 – boost regular expression NULL dereference flaw
https://notcve.org/view.php?id=CVE-2008-0172
17 Jan 2008 — The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. La función get_repeat_type en basic_regex_creator.hpp de la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (referencia nula y c... • http://bugs.gentoo.org/show_bug.cgi?id=205955 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-3920 – gnome-screensaver loses keyboard grab when running under compiz
https://notcve.org/view.php?id=CVE-2007-3920
29 Oct 2007 — GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. El salvapantallas 2.20 de GNOME en Ubuntu 7.10, cuando se usa con Compiz, no reserva el foco de entrada apropiadamente, lo cual permite a atacantes remotos con acceso físico tomar el control de la sesión después de haber introducido la secuencia Alt-Tab, tema simila... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html •
CVSS: 9.8EPSS: 57%CPEs: 222EXPL: 1CVE-2007-5365 – Ubuntu 6.06 - DHCPd Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-5365
11 Oct 2007 — Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. Un desbordamiento de búfer en la región stack de la memoria en la función cons_options en el archivo options.c en dhcpd en OpenBSD versiones 4.0 hasta 4.2, y algunas o... • https://www.exploit-db.com/exploits/4601 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5159
https://notcve.org/view.php?id=CVE-2007-5159
01 Oct 2007 — The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. El paquete ntfs-3g anterior a 1.913-2.fc7 en Fedora 7, y en el paquete kntfs-3g package en Ubuntu 7.10/Gutsy, asigna de forma incorrecta los permisos (setuid root) en mount.ntfs-3g, el cual permite a usuarios... • http://secunia.com/advisories/26938 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 3%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
18 Sep 2007 — Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de ... • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •