CVE-2016-10610
https://notcve.org/view.php?id=CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. unicode-json es una tabla de búsquedas de unicode. unicode-json en versiones anteriores a la 2.0.0 descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. • https://nodesecurity.io/advisories/206 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVE-2016-10578
https://notcve.org/view.php?id=CVE-2016-10578
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Unicode carga datos Unicode descargados de unicode.org en nodejs. Unicode en versiones anteriores a la 9.0.0 descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. • https://nodesecurity.io/advisories/161 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVE-2008-1142
https://notcve.org/view.php?id=CVE-2008-1142
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. Rxvt versión 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podría permitir a los usuarios locales secuestrar conexiones X11. NOTA: más tarde se informó que rxvt-unicode, mrxvt, aterm, multi-aterm y wterm también se ven afectados. • http://article.gmane.org/gmane.comp.security.oss.general/122 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29576 http://secunia.com/advisories/30224 http://secunia.com/advisories/30225 http://secunia.com/advisories/30226 http://secunia.com/advisories/30227 http://secunia.com/advisories/30229 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-0126
https://notcve.org/view.php?id=CVE-2006-0126
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. • http://dist.schmorp.de/rxvt-unicode/Changes http://secunia.com/advisories/18301 http://www.osvdb.org/22223 http://www.vupen.com/english/advisories/2006/0052 •