CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0834
https://notcve.org/view.php?id=CVE-2010-0834
09 Aug 2010 — The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. El paquete base-files anterior a v5.0.0ubuntu7.1 en Ubuntu v9.10 y anterior a v5.0.0ubuntu20.10.04.2 en Ubuntu v10.04 LTS, como los incluidos en portátiles Dell Latitude 2110, no n... • http://secunia.com/advisories/40889 • CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 1CVE-2009-2939
https://notcve.org/view.php?id=CVE-2009-2939
21 Sep 2009 — The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. El script postfix.postinst en el paquete postfix v2.5.5 de Debian GNU/Linux y Ubuntu permite acceso de escritura al usuario postfix en /var/spool/postfix/pid, permitiendo a usuarios locales dirigir ataques de enlaces simbólicos que sobrescriban ficheros de su elección. • http://www.debian.org/security/2011/dsa-2233 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1296
https://notcve.org/view.php?id=CVE-2009-1296
09 Jun 2009 — The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. Las utilidades de soporte eCryptfs (ecryptfs-utils) 73-0ubuntu6.1 sobre Ubuntu v9.04, almacena almacena la "passphrase" de (frase clave) de montaje en los registros de instalación, lo que podría permitir a usuarios locales obtener acceso... • http://secunia.com/advisories/35383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1601
https://notcve.org/view.php?id=CVE-2009-1601
11 May 2009 — The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. El script Ubuntu-clamav milter.init de clamav-milter antes de la versión v0.95.1+dfsg-1ubuntu1.2 en Ubuntu v9.04 establece la propiedad del directorio de trabajo actual a la cuenta clamav, lo que podría permitir el... • http://secunia.com/advisories/35000 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6792
https://notcve.org/view.php?id=CVE-2008-6792
07 May 2009 — system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. system-tools-backends anteriores a v2.6.0-1ubuntu1.1 in Ubuntu v8.10, cuando es utilizado por "Usuarios y Grupos" en GNOME System Tools, cuentas con contraseña hashes con 3DES y cons... • http://osvdb.org/50037 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1573
https://notcve.org/view.php?id=CVE-2009-1573
06 May 2009 — xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. xvfb-run v1.6.1 en Debian GNU/Linux, Ubuntu, Fedora 10 y posiblemente otros sistemas operativos, ubican la magic cookie (MCOOKIE) en la línea de comandos, lo que permite a usuarios locales obtener privilegios listando los procesos y sus argumentos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1295
https://notcve.org/view.php?id=CVE-2009-1295
30 Apr 2009 — Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. Apport anterior a v0.108.4 en Ubuntu v8.04 LTS, antes de v0.119.2 en Ubuntu v8.10, y antes de v1.0-0ubuntu5.2 en Ubuntu v9.04 no elimina adecuadamente los archivos del directorio crash-report,lo cual permite a los usuarios locales borrar archiv... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0365 – NetworkManager: GetSecrets disclosure
https://notcve.org/view.php?id=CVE-2009-0365
05 Mar 2009 — nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. El manipulador de peticiones dbus en (1) network-manager-applet y (2) NetworkManager en Ubuntu v6.06 LTS, v7.10, v8.04 LTS, and v8.10 no verifica adecuadamente los privilegios, lo que permite a usuarios locales descubrir (a)las contraseñas de la conexión de red y... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0578 – NetworkManager: local users can modify the connection settings
https://notcve.org/view.php?id=CVE-2009-0578
05 Mar 2009 — GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. network-manager-applet en Ubuntu 8.10 no verifica adecuadamente los privilegios para las peticiones dbus(1) "modify" y (2) "delete", lo que permite a usuarios locales modificar o eliminar las conexiones de red de... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 3EXPL: 1CVE-2006-7236 – xterm - DECRQSS Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-7236
02 Jan 2009 — The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. La configuración por defecto de sid en xterm para Debian GNU/Linux y posiblemente Ubuntu activa el recurso allowWindowOps, lo que permite a atacantes asistidos por el usuario, ejecutar código de su elección o tener otro impacto no determinado a través de secuencias de escape. • https://www.exploit-db.com/exploits/32690 • CWE-16: Configuration •