Page 4 of 65 results (0.019 seconds)

CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre escribir archivos de su elección, o leer otros ficheros de errores de usuarios de Xsession, a través de un ataque de enlaces simbólicos sobre un archivo/tmp/xses-$USER. • http://secunia.com/advisories/22992 http://securitytracker.com/id?1017015 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805 https://bugs.freedesktop.org/show_bug.cgi?id=5898 https://exchange.xforce.ibmcloud.com/vulnerabilities/29427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205 •

CVSS: 2.6EPSS: 1%CPEs: 10EXPL: 0

Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-009.txt.asc http://secunia.com/advisories/19585 http://securitytracker.com/id?1015907 http://www.osvdb.org/24577 http://www.securityfocus.com/bid/17496 https://exchange.xforce.ibmcloud.com/vulnerabilities/25786 •

CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0

The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. • http://archives.neohapsis.com/archives/netbsd/2006-q2/0014.html http://secunia.com/advisories/19615 http://securitytracker.com/id?1015908 http://www.osvdb.org/24578 http://www.securityfocus.com/bid/17497 https://exchange.xforce.ibmcloud.com/vulnerabilities/25766 •

CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0

NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-013.txt.asc http://secunia.com/advisories/19616 http://securitytracker.com/id?1015909 http://www.osvdb.org/24579 http://www.securityfocus.com/bid/17498 https://exchange.xforce.ibmcloud.com/vulnerabilities/25764 •

CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0

NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file. • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-007.txt.asc http://secunia.com/advisories/19465 http://securitytracker.com/id?1015847 http://www.osvdb.org/24258 https://exchange.xforce.ibmcloud.com/vulnerabilities/25581 •