CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2012-0055 – OverlayFS inode Security Checks - 'inode.c' Local Security Bypass
https://notcve.org/view.php?id=CVE-2012-0055
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. OverlayFS en el kernel de Linux versiones anteriores a 3.0.0-16.28, como es usado en Ubuntu versiones 10.0.4 LTS y 11.10, carece de verificaciones de seguridad de inode que podrían permitir a atacantes omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. • https://www.exploit-db.com/exploits/36571 http://www.openwall.com/lists/oss-security/2012/01/17/11 http://www.ubuntu.com/usn/USN-1363-1 http://www.ubuntu.com/usn/USN-1364-1 http://www.ubuntu.com/usn/USN-1384-1 https://access.redhat.com/security/cve/cve-2012-0055 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-4407
https://notcve.org/view.php?id=CVE-2011-4407
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. ppa.py en Software Properties anterior a 0.81.13.3 no valida el certificado de servidor cuando descarga huellas dactilares de claves GPG PPA, lo que permite a atacantes man-in-the-middle (MITM) falsificar claves GPG para un repositorio de paquete. • http://www.ubuntu.com/usn/USN-1352-1 https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 88%CPEs: 19EXPL: 1CVE-2012-0444 – Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0444
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. Mozilla Firefox v3.6.26 y v4.x hasta el v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 no inicializa correctamente las estructuras de datos nsChildView, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria caida de la aplicación) o posiblemente ejecutar código de su elección a través de un archivo Ogg Vorbis debidamente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/48043 http://secunia.com/advisories/48095 http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 1CVE-2011-4613 – X.Org xorg 1.4 < 1.11.2 - File Permission Change
https://notcve.org/view.php?id=CVE-2011-4613
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. El wrapper de las X de X.org (xserver-wrapper.c) en Debian GNU/Linux and Ubuntu Linux no verifica debidamente la TTY de un usuario que está arrancando las X, lo cual permite a usuarios locales evadir restricciones de acceso mediante las asociación de stdin con un archivo que es malinterpretado como la consola TTY. • https://www.exploit-db.com/exploits/18040 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249 http://www.debian.org/security/2011/dsa-2364 http://www.ubuntu.com/usn/USN-1349-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 19%CPEs: 15EXPL: 0CVE-2011-4517 – jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
https://notcve.org/view.php?id=CVE-2011-4517
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. La función jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un cálculo determinado de tamaño, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria dinámica y ejecutar código arbitrario, o provocar una denegación de servicio (corrupción de memoria dinámica), a través de un archivo JPEG2000 mal formado. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://osvdb.org/77596 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •