Page 22 of 115 results (0.039 seconds)

CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen. La configuración predeterminada de IBUS 1.5.4, y posiblemente de 1.5.2 y anteriores, cuando IBus.InputPurpose.PASSWORD no se establece y utiliza con GNOME 3, no oscurece los caracteres escritos, lo que permite a atacantes físicamente próximos obtener una contraseña de usuario mediante la lectura de la pantalla de bloqueo. • http://lists.opensuse.org/opensuse-updates/2013-11/msg00036.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00045.html https://bugzilla.redhat.com/show_bug.cgi?id=1027028 https://code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690 https://github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7 https://groups.go • CWE-255: Credentials Management Errors •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 1

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. La función translate_hierarchy_event de x11/clutter-device-manager-xi2.c en nClutter, al reanudar el sistema, no maneja adecuadamente los errores XIQueryDevice cuando un dispositivo ha "desaparecido," lo que provoca el cuelgue de gnome-shell y permite físicamente a atacantes próximos el acceso a anteriores sesiones de gnome-shell a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html http://www.openwall.com/lists/oss-security/2013/06/19/1 https://bugzilla.gnome.org/show_bug.cgi?id=701974 https://bugzilla.redhat.com/show_bug.cgi?id=980111 https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. Condición de carrera en PolicyKit (también conocida como polkit) permite a usuarios locales evadir restricciones PolicyKit intencionadas y obtener privilegios iniciando un proceso setuid o pkexec antes de que la comproboación de autorización se realice, relacionado con (1) la función de API polkit_unix_process_new, (2) la API dbus, o (3) la opción --process (unix-process) para autorizar a pkcheck. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375 http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html http://rhn.redhat.com/errata/RHSA-2013-1270.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://seclists.org/oss-sec/2013/q3/626 http://www.openwal • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. internal/cimxml/sax/NodeFactory.java en el cliente Common Information Model (CIM) de Standards-Based Linux Instrumentation for Manageability (SBLIM) (también conocido como sblim-cim-client2) anterior a 2.1.12 procesa valores hash sin restringir la posibilidad de provocar colisiones de hash previsibles, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de un archivo XML manipulado. • http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00038.html http://rhn.redhat.com/errata/RHSA-2012-0987.html http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7 http://sourceforge.net/p/sblim/bugs/2381 https://access.redhat.com/security/cve/CVE-2012-2328 https://bugzilla.redhat.com/show_bug.cgi?id=819733 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. PostgreSQL v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7, y v9.1.x antes de v9.1.3 trunca el nombre común a sólo 32 caracteres en la verificación de los certificados SSL, lo que permite a atacantes remotos falsificar conexiones cuando el nombre de host es exactamente de 32 caracteres. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html http://rhn.redhat.com/errata/RHSA-2012-0678.html http://secunia.com/advisories/49273 http://www.debian.org/security/2012/dsa-2418 http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 http://www.postgresql.org/about/news/1377 http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/9.0/static/release-9-0-7.html http://www.postgresql.org/docs/9.1&#x • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •