CVE-2009-0578 – NetworkManager: local users can modify the connection settings
https://notcve.org/view.php?id=CVE-2009-0578
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) "modify" and (2) "delete" requests, which allows local users to modify or delete the network connections of arbitrary users via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
  http://secunia.com/advisories/34067
  http://secunia.com/advisories/34473
  http://www.redhat.com/support/errata/RHSA-2009-0361.html
  http://www.securityfocus.com/bid/33966
  http://www.securitytracker.com/id?1021909
  http://www.ubuntu.com/usn/USN-727-1
  https://bugzilla.redhat.com/show_bug.cgi?id=487752
  https://exchange.xforce.ibmcloud.c
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-7236 – xterm - DECRQSS Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-7236
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
• https://www.exploit-db.com/exploits/32690
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
  http://secunia.com/advisories/33388
  https://usn.ubuntu.com/703-1
• CWE-16: Configuration
CVE-2008-5104
https://notcve.org/view.php?id=CVE-2008-5104
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.
• http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
  http://secunia.com/advisories/32697
  http://www.securityfocus.com/bid/32292
  http://www.ubuntu.com/usn/usn-670-1
  https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
  https://exchange.xforce.ibmcloud.com/vulnerabilities/46881
• CWE-255: Credentials Management Errors
CVE-2008-5103
https://notcve.org/view.php?id=CVE-2008-5103
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
• http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff
  http://osvdb.org/49996
  http://secunia.com/advisories/32697
  http://www.securityfocus.com/bid/32292
  http://www.ubuntu.com/usn/usn-670-1
  https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841
  https://exchange.xforce.ibmcloud.com/vulnerabilities/46603
• CWE-255: Credentials Management Errors
CVE-2008-4395
https://notcve.org/view.php?id=CVE-2008-4395
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
• http://bugs.gentoo.org/show_bug.cgi?id=239371
  http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git%3Ba=commitdiff%3Bh=49945b423c2f7e33b4c579ca460df6a806ee8f9f
  http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
  http://secunia.com/advisories/32509
  http://www.mail-archive.com/frugalware-git%40frugalware.org/msg22366.html
  http://www.securityfocus.com/bid/32118
  http://www.securitytracker.com/id?1021142
  http://www.ubuntu.com/usn/usn-662-1
  http://www.ubuntu.com&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer