Page 36 of 205 results (0.039 seconds)

CVSS: 9.3EPSS: 6%CPEs: 15EXPL: 0

CVE-2010-0395 – openoffice.org Execution of Python code when browsing macros

https://notcve.org/view.php?id=CVE-2010-0395

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. OpenOffice.org v2.x y v3.0 anterior v3.2.1 permite a atacantes remotos asistidos por usuarios supera las restricciones macro de seguridad de Python y ejecutar código Python de su elección a través de un fichero de texto OpenDocument manipulado lo cual ocasiona la ejecución de código cuando la estructura directorio macro es previsualizada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40070 http://secunia.com/advisories/40084 http://secunia.com/advisories/40104 http://secunia.com/advisories/40107 http://secunia.com/advisories/41818 http:/ •

CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 1

CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs

https://notcve.org/view.php?id=CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2009-2472 – Mozilla multiple cross origin wrapper bypasses

https://notcve.org/view.php?id=CVE-2009-2472

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." Mozilla Firefox anteriores a v3.0.12 no usa siempre XPCCrossOriginWrapper cuando es requerido durante la construcción del objeto, lo que permite a atacantes remotos eludir la "Same Origin Policy" y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante un documento manipulado, relacionado con una "cross origin wrapper bypass." • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-1162.html http://secunia.com/advisories/35914 http://secunia.com/advisories/35944 http://secunia.com/advisories/36005 http://secunia.com/advisories/36145 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2009-1186

https://notcve.org/view.php?id=CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Desbordamiento de búfer en la función util_path_encode en udev/lib/libudev-util.c en udev antes de v1.4.1 permite a usuarios locales provocar una denegación de servicio (parada del servicio) mediante vectores que disparan una llamada con argumentos manipulados. • http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=662c3110803bd8c1aedacc36788e6fd028944314 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html http://secunia.com/advisories/34731 http://secunia.com/advisories/34750 http://secunia.com/advisories/34753 http://secunia.com/advisories/34771 http://secunia.com/advisories/34776 http://secunia.com/advisories/34785 http://secunia.com/advisories/34787 http://secunia.com/advisories/34801 http://slackware.com/sec • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 3

CVE-2009-1185 – Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-1185

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. udev antes de v1.4.1 no verifica si un mensaje NETLINK es generado desde el espacio del kernel, lo que permite a usuarios locales obtener privilegios mediante el envio de un mensaje NETLIINK desde el espacio de usuario. Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland. • https://www.exploit-db.com/exploits/8478 https://www.exploit-db.com/exploits/8572 https://www.exploit-db.com/exploits/21848 http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75 http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-secu • CWE-346: Origin Validation Error CWE-862: Missing Authorization •