Page 72 of 386 results (0.014 seconds)

CVSS: 9.3EPSS: 3%CPEs: 15EXPL: 1

CVE-2009-1837 – Firefox Race condition while accessing the private data of a NPObject JS wrapper class object

https://notcve.org/view.php?id=CVE-2009-1837

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Condición de carrera en la función NPObjWrapper_NewResolve en modules/plugin/base/src/nsJSNPRuntime.cpp en xul.dll en Mozilla Firefox v3 anteriores a v3.0.11 podría permitir a atacantes remotos ejecutar código arbitrario a través de una pagina de transición durante la carga de un applet de Java, relacionado con una vulnerabilidad uso-después-de-liberación para asociar memoria con un objeto Java destrozado. • http://secunia.com/advisories/34241 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35468 http://secunia.com/secunia_research/2009-19 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1820 http://www.mozilla.org/security/announce/2009/mfs • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 3.6EPSS: 0%CPEs: 20EXPL: 0

CVE-2009-0834 – kernel: x86-64: syscall-audit: 32/64 syscall hole

https://notcve.org/view.php?id=CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. La función audit_syscall_entry en el núcleo de Linux v2.6.28.7 y versiones anteriores en la plataforma x86_64 no maneja adecuadamente (1) un proceso de 32-bit haciendo una llamada al sistema (syscall) de 64 bit o (2) un proceso de 64-bit haciendo una llamada al sistema (syscall) de 32-bit, lo cual permite a usuarios locales evitar determinadas configuraciones de auditoría de llamadas al sistema (syscall) a través de llamadas al sistema (syscall) manipuladas, una cuestión diferente a VE-2009-0342 y CVE-2009-0343. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccbe495caa5e604b04d5a31d7459a6f6a76a756c http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://marc.info/?l=linux-kernel&m=123579056530191&w=2 http://marc.info/?l=linux-kernel&m=123579065130246&w=2 http://marc.info/?l=oss-security&m •

CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2008-4315 – tog-pegasus: failed authentication attempts not logged via PAM

https://notcve.org/view.php?id=CVE-2008-4315

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. tog-pegasus en OpenGroup Pegasus 2.7.0 en Red Hat Enterprise Linux (RHEL) 5, Fedora 9, y Fedora 10 no registra los intentos de autenticacion fallidos a el servidor OpenPegasus CIM, lo cual facilita a atacantes remotos evitar la detección de ataques de intento de adivinar passwords. • http://osvdb.org/50278 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securitytracker.com/id?1021281 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=472017 https://exchange.xforce.ibmcloud.com/vulnerabilities/46830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A •

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2008-4313 – tog-pegasus: WBEM services access not restricted to dedicated user after 2.7.0 rebase

https://notcve.org/view.php?id=CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. Un parche de Red Hat para tog-pegasus en OpenGroup Pegasus 2.7.0 no configura adecuadamente el nombre PAM tty, lo que permite a usuarios autenticados remotamente evitar las restricciones de acceso previstas y enviar peticiones a servicios OpenPegasus WBEM. • http://osvdb.org/50277 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securityfocus.com/bid/32460 http://www.securitytracker.com/id?1021283 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=459217 https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-3825 – pam_krb5 existing_ticket permission flaw

https://notcve.org/view.php?id=CVE-2008-3825

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. pam_krb5 2.2.14 de Red Hat Enterprise Linux (RHEL) 5 y versiones anteriores, cuando la opción existing_ticket está activa, utiliza privilegios incorrectos cuando lee una caché de credenciales Kerberos, lo cual permite a usuarios locales conseguir privilegios mediante el establecimiento de la variable de entorno KRB5CCNAME en un nombre de fichero cacheado de su elección y ejecutar los programas (1) su o (2) sudo. NOTA: puede haber un vector relacionado con la participación de sshd que tiene una importancia limitada. • http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://secunia.com/advisories/32119 http://secunia.com/advisories/32135 http://secunia.com/advisories/32174 http://secunia.com/advisories/43314 http://www.mandriva.com/security/advisories?name=MDVSA-2008:209 http://www.redhat.com/support/errata/RHSA-2008-0907.html http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/31534 http://www.securitytracker.com/id?1020978 h • CWE-264: Permissions, Privileges, and Access Controls •