
CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687
• http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039060.html
• http://secunia.com/advisories/39332
• http://www.securityfocus.com/bid/39265
• https://bugs.freedesktop.org/show_bug.cgi?id=27494
• https://bugzilla.novell.com/show_bug.cgi?id=594261
• https://bugzilla.redhat.com/show_bug.cgi?
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

• http://bugs.freedesktop.org/show_bug.cgi?id=26982
• http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a
• http://marc.info/?l=oss-security&m=127014095301235&w=2
• http://marc.info/?l=oss-security&m=127014999113790&w=2
• http://secunia.com/advisories/39149
• http://secunia.com/advisories/48817
• http://security.gentoo.org/glsa/glsa-201204-06.xml
• https://exchange.xforce.ibmcloud.com/vulnerabilities/57543
• https://launchpad.net/bugs/532852
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.6 • EPSS: 0% • CPEs: 49 • EXPL: 2

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

• http://bugs.freedesktop.org/show_bug.cgi?id=17803
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://lists.vmware.com/pipermail/security-announce/2010/000082.html
• http://secunia.com/advisories/32127
• http://secunia.com/advisories/35810
• http://secunia.com/advisories/38794
• http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
• http://www.openwall.com/lists/oss-security/2009/04/16/13
• http://www.securityfocus.com/bid/31602
• http://www
• CWE-20: Improper Input Validation

CVSS: 6.8 • EPSS: 2% • CPEs: 2 • EXPL: 0

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.

• http://www.openwall.com/lists/oss-security/2009/01/06/1
• http://www.securityfocus.com/bid/33137
• https://bugs.freedesktop.org/show_bug.cgi?id=19377
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.6 • EPSS: 0% • CPEs: 46 • EXPL: 0

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532
• http://forums.fedoraforum.org/showthread.php?t=206797
• http://lists.freedesktop.org/archives/dbus/2008-December/010702.html
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
• http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
• http://secunia.com/advisories/
• CWE-16: Configuration