CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2009-0115 – device-mapper-multipath: insecure permissions on multipathd.sock
https://notcve.org/view.php?id=CVE-2009-0115
30 Mar 2009 — The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero d... • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 6%CPEs: 15EXPL: 0CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
22 Feb 2009 — The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a... • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt • CWE-824: Access of Uninitialized Pointer •
CVSS: 9.3EPSS: 11%CPEs: 9EXPL: 0CVE-2009-0385
https://notcve.org/view.php?id=CVE-2009-0385
02 Feb 2009 — Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Error de presencia de signo en entero en la función fourxm_read_header en libavformat/4xm.c en FFmpeg versiones anteriores a revision 16846 permite a atacantes remotos ejecutar código de su elección a través de un fichero de vídeo 4X malforma... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0314
https://notcve.org/view.php?id=CVE-2009-0314
28 Jan 2009 — Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Vulnerabilidad de ruta de búsqueda no confiable en el módulo Python en gedit; permite a usuarios locales ejecutar código de su elección a través de un fichero Python caballo de troya en el directorio de trabajo actual. Está relacionado con la vulnerabilidad en l... • http://bugzilla.gnome.org/show_bug.cgi?id=569214 • CWE-426: Untrusted Search Path •
CVSS: 9.1EPSS: 0%CPEs: 56EXPL: 0CVE-2009-0180
https://notcve.org/view.php?id=CVE-2009-0180
20 Jan 2009 — Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. Algunos Fedora crean secuencias de comando para nfs-utils anteriores a v1.1.2-9.fc9 en Fedora 9, y anteriores a v1.1.4-6.fc10 en Fedora 10, no da soporte a TCP Wrapper, lo que podría permitir a atacantes remotos evitar las restricciones de acceso prevista... • http://secunia.com/advisories/33545 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
13 Nov 2008 — The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de conf... • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 14%CPEs: 22EXPL: 0CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
12 Nov 2008 — nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMo... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2008-4577 – dovecot: incorrect handling of negative rights in the ACL plugin
https://notcve.org/view.php?id=CVE-2008-4577
15 Oct 2008 — The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. El plugin ACL en Dovecot anterior a 1.1.4 amenaza los derechos del acceso negativo como si fueran derechos de acceso positivos, lo que permite a atacantes evitar las restricciones de acceso previstas. • http://bugs.gentoo.org/show_bug.cgi?id=240409 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 124EXPL: 2CVE-2008-3832 – Linux Kernel (Fedora 8/9) - 'utrace_control' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2008-3832
03 Oct 2008 — A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function. Cierto parche de Fedora en el subsistema utrace de Linux Kernel versiones anteriores a v2.6.26.5-28 de Fedora 8, y versiones anteriores a v2.6.26.5-45 de Fedora 9, permite a usuarios locales provocar una denegación de servicio (punte... • https://www.exploit-db.com/exploits/32451 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3524
https://notcve.org/view.php?id=CVE-2008-3524
29 Sep 2008 — rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. El archivo rc.sysinit en initscripts anteriores a versión 8.76.3-1 en Fedora versión 9 y otras plataformas Linux, permite a los usuarios locales eliminar archivos arbitrarios por medio de un ataque de tipo symlink en un archivo o directorio según (1) /var/lock o (2) /var/run . • http://secunia.com/advisories/32037 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •