Page 4 of 87 results (0.011 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2009-0578 – NetworkManager: local users can modify the connection settings

https://notcve.org/view.php?id=CVE-2009-0578

GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. network-manager-applet en Ubuntu 8.10 no verifica adecuadamente los privilegios para las peticiones dbus(1) "modify" y (2) "delete", lo que permite a usuarios locales modificar o eliminar las conexiones de red de usuarios de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34067 http://secunia.com/advisories/34473 http://www.redhat.com/support/errata/RHSA-2009-0361.html http://www.securityfocus.com/bid/33966 http://www.securitytracker.com/id?1021909 http://www.ubuntu.com/usn/USN-727-1 https://bugzilla.redhat.com/show_bug.cgi?id=487752 https://exchange.xforce.ibmcloud.c • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1

CVE-2008-5103

https://notcve.org/view.php?id=CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. Las implementaciones (1) python-vm-builder y (2) ubuntu-vm-builder en VMBuilder v0.9 en Ubuntu v8.10 omiten la opción -e cuando invocan chpasswd con un argumento root:!, lo cual configura la cuenta raíz con una contraseña en texto claro de ! • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://osvdb.org/49996 http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46603 • CWE-255: Credentials Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1

CVE-2008-5104

https://notcve.org/view.php?id=CVE-2008-5104

Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. Ubuntu 6.06 LTS, 7.10, 8.04 LTS y 8.10, cuando está instalado como una máquina virtual por (1) python-vm-builder o (2) ubuntu-vm-builder en VMBuilder 0.9 en Ubuntu 8.10, tiene un ! (signo de exclamación) como la contraseña por defecto de root, lo que permite a atacantes remotos evitar las restricciones de login previstas. • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46881 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 64EXPL: 0

CVE-2008-2808 – Firefox file location escaping flaw

https://notcve.org/view.php?id=CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 2%CPEs: 6EXPL: 0

CVE-2008-0172 – boost regular expression NULL dereference flaw

https://notcve.org/view.php?id=CVE-2008-0172

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. La función get_repeat_type en basic_regex_creator.hpp de la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (referencia nula y caída) mediante una expresión regular inválida. • http://bugs.gentoo.org/show_bug.cgi?id=205955 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28511 http://secunia.com/advisories/28527 http://secunia.com/advisories/28545 http://secunia.com/advisories/28705 http://secunia.com/advisories/28860 http://secunia.com/advisories/28943 http://secunia.com/advisories/29323 http://secunia.com/advisories/48099 http://svn.boost.org/trac/boost/changeset/42674 http://svn.boost • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •