Page 2 of 264 results (0.019 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 7

CVE-2015-1328 – Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. La implementación de overlayfs en el paquete linux (también conocido como kernel Linux) en versiones anteriores a 3.19.0-21.21 en Ubuntu hasta la versión 15.04 no comprueba adecuadamente permisos para la creación de archivos en el directorio de sistema de archivos upper, lo que permite a usuarios locales obtener acceso de root aprovechando una configuración donde overlayfs es permitido en un espacio de nombre de montaje arbitrario. • https://www.exploit-db.com/exploits/40688 https://www.exploit-db.com/exploits/37293 https://www.exploit-db.com/exploits/37292 https://github.com/elit3pwner/CVE-2015-1328-GoldenEye https://github.com/notlikethis/CVE-2015-1328 https://github.com/SR7-HACKING/LINUX-VULNERABILITY-CVE-2015-1328 http://seclists.org/oss-sec/2015/q2/717 http://www.exploit-db.com/exploits/40688 http://www.securityfocus.com/bid/75206 https://people.canonical.com/~ubuntu-security/cve/2015/CVE • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.9EPSS: 96%CPEs: 67EXPL: 1

CVE-2011-0997 – dhclient: insufficient sanitization of certain DHCP response values

https://notcve.org/view.php?id=CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. dhclient en ISC DHCP 3.0.x hasta la versión 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres shell en un nombre de anfitrión obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitrión dado por dhclient-script. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html http://marc.info/?l=bugtraq&m=133226187115472&w=2 http://secunia.com/advisories/44037 http://secunia.com/advisories/44048 http://secunia.com/advisories/44089 http://secunia.com/advisories/44090 http://secunia.com/advisories/44103 http://secunia.com/advisories/44127&# • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 18%CPEs: 19EXPL: 5

CVE-2011-0762 – vsftpd 2.3.2 - Denial of Service

https://notcve.org/view.php?id=CVE-2011-0762

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. La función vsf_filename_passes_filter de ls.c de vsftpd en versiones anteriores a la 2.3.3 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de toda la CPU y agotamiento de los slots de procesos) a través de una expresión glob modificada en comandos STAT en múltiples sesiones FTP. Una vulnerabilidad distinta a la CVE-2010-2632. Vsftpd versions 2.3.2 on NetBSD and 2.3.0 on Ubuntu suffer from a remote denial of service vulnerability. • https://www.exploit-db.com/exploits/16270 ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 http://cxib.net/stuff/vspoc232.c http://jvn.jp/en/jp/JVN37417423/index.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html http&# • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

https://notcve.org/view.php?id=CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadamente la modificación del conjunto de cifrado en la caché de sesión, lo que permite a atacantes remotos forzar la degradación para un cifrado no destinado a través de vectores que involucran rastreo de tráfico de red para descubrir un identificador de sesión. • http://cvs.openssl.org/chngview?cn=20131 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html& •

CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 1

CVE-2010-3848 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation

https://notcve.org/view.php?id=CVE-2010-3848

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. Desbordamiento de búfer basado en pila en la función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando hay configurada una dirección econet, permite a usuarios locales conseguir privilegios, proporcionando un gran número de estructuras iovec. • https://www.exploit-db.com/exploits/17787 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a27e13d370415add3487949c60810e36069a23a6 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11/30/1 http://secunia.com/advisories/43056 http://secunia.com&# • CWE-787: Out-of-bounds Write •