CVE-2012-1155
https://notcve.org/view.php?id=CVE-2012-1155
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to Moodle posee un problema de permiso de exportación de la actividad de la base de datos donde la función de exportación del módulo de actividad de la base de datos exporta todas las entradas, incluso aquellas de grupos a los que el usuario no pertenece • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html https://access.redhat.com/security/cve/cve-2012-1155 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1238
https://notcve.org/view.php?id=CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL y (25) utils/splain.PL en Perl 5.x en versiones anteriores a 5.22.3-RC2 y 5.24 en versiones anteriores a 5.24.1 1-RC2 no elimina adecuadamente caracteres . (period) del final de la matriz de directorio incluida, lo que podría permitir a usuarios locales obtener privilegios a través de un módulo Troyano bajo el directorio de trabajo actual. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab http://www.debian.org/security/2016/dsa-3628 http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html http://www.securityfocus.com/bid/92136 http://www.securitytracker.com/id/1036440 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-8837
https://notcve.org/view.php?id=CVE-2015-8837
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. Desbordamiento de buffer basado en pila en la función isofs_real_readdir en isofs.c en FuseISO 20070708 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un nombre de ruta largo en un archivo ISO. • http://www.debian.org/security/2016/dsa-3551 http://www.openwall.com/lists/oss-security/2015/02/06/7 http://www.openwall.com/lists/oss-security/2015/02/23/9 https://bugzilla.redhat.com/show_bug.cgi?id=862211 https://bugzilla.redhat.com/show_bug.cgi?id=863091 https://security.gentoo.org/glsa/202007-20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-8836
https://notcve.org/view.php?id=CVE-2015-8836
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. Desbordamiento de entero en la función isofs_real_read_zf en isofs.c en FuseISO 20070708 podría permitir a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un gran tamaño de bloque ZF en un archivo ISO, dando lugar a un desbordamiento de buffer basado en memoria dinámica. • http://www.debian.org/security/2016/dsa-3551 http://www.openwall.com/lists/oss-security/2015/02/06/7 http://www.openwall.com/lists/oss-security/2015/02/23/9 https://bugzilla.redhat.com/show_bug.cgi?id=861358 https://bugzilla.redhat.com/show_bug.cgi?id=863102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-5109
https://notcve.org/view.php?id=CVE-2010-5109
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. Error de superación de límite (off-by-one) en la función DecompressRTF en ytnef.c en Yerase's TNEF Stream Reader permite a atacantes remotos causar una denegación de servicio (caída) a través de un archivo TNEF manipulado, lo que provoca un desbordamiento de buffer. • http://sourceforge.net/p/ytnef/bugs/13 http://www.openwall.com/lists/oss-security/2013/04/11/1 http://www.securityfocus.com/bid/54484 https://bugzilla.redhat.com/show_bug.cgi?id=831322 https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html • CWE-189: Numeric Errors •