CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6206 – Issue with core dump owner
https://notcve.org/view.php?id=CVE-2007-6206
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. La función do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de núcleo si éste existe antes de una creación de proceso root en un volcado de núcleo en la misma ubicación, lo que podría permitir a los usuarios locales obtener información confidencial. • http://bugzilla.kernel.org/show_bug.cgi?id=3043 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://rhn.redhat.com/errata/RHSA-2008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6170
https://notcve.org/view.php?id=CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Vulnerabilidad de inyección SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los argumentos (1) ANI y (2) DNIS. • http://downloads.digium.com/pub/security/AST-2007-026.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/27827 http://secunia.com/advisories/27892 http://secunia.com/advisories/29242 http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://securitytracker.com/id?1019020 http://www.debian.org/security/2007/dsa-1417 http://www.securityfocus.com/archive/1/484388/100/0/threaded http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 51EXPL: 0CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. • ftp://aix.software.ibm.com/aix/efixes/security/README http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120352263023774&w=2 http://secunia.com/advisories/27479 http://secunia.com/advisories/27515 http://secunia.com/advisories/27531 http://secunia.com/advisories/27546 http://secunia.com/advisories/27548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2007-5827
https://notcve.org/view.php?id=CVE-2007-5827
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. iSCSI Enterprise Target (iscsitarget) 0.4.15 utiliza permisos débiles para /etc/ietd.conf, lo cual permite a usuarios locales obtener las contraseñas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873 http://osvdb.org/42037 http://secunia.com/advisories/27483 http://www.securityfocus.com/bid/26299 https://exchange.xforce.ibmcloud.com/vulnerabilities/38228 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 48EXPL: 0CVE-2007-5197
https://notcve.org/view.php?id=CVE-2007-5197
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. El desbordamiento de búfer en la clase Mono.Math.BigInteger en Mono versión 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar código arbitrario por medio de vectores no específicos relacionados a Reduce en métodos Pow basados en Montgomery. • http://bugs.gentoo.org/attachment.cgi?id=134361&action=view http://bugs.gentoo.org/show_bug.cgi?id=197067 http://secunia.com/advisories/27439 http://secunia.com/advisories/27493 http://secunia.com/advisories/27511 http://secunia.com/advisories/27583 http://secunia.com/advisories/27612 http://secunia.com/advisories/27639 http://secunia.com/advisories/27937 http://www.debian.org/security/2007/dsa-1397 http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •