CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 1CVE-2012-0943 – LightDM 1.0.6 - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2012-0943
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue. debian/guest-account en Light Display Manager (lightdm) 1.0.x anterior a 1.0.6 y 1.1.x anterior a 1.1.7, utilizad en Ubuntu Linux 11.10, permite a usuarios locales eliminar archivos arbitrarios a través de un espacio en el nombre de un archivo en /tmp. NOTA: este identificador fue dividido (SPLIT) por ADT1/ADT2 debido a diferentes bases de código y versiones afectadas. CVE-2012-6648 ha sido asignado para el problema gdm-guest-session. • https://www.exploit-db.com/exploits/36966 http://www.ubuntu.com/usn/USN-1399-2 https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044 https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2012-1166
https://notcve.org/view.php?id=CVE-2012-1166
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. Los atajos de teclado (keybindings) por defecto para wwm de LTSP Display Manager (ldm) versiones 2.2.x anteriores a 2.2.7, permiten a los atacantes remotos ejecutar comandos arbitrarios por medio del atajo de teclado KP_RETURN, que inicia una ventana terminal. • http://irclogs.ltsp.org/?d=2012-03-12 http://www.ubuntu.com/usn/USN-1398-1 https://bugs.launchpad.net/ubuntu/%2Bsource/ldm/%2Bbug/953340 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0248 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0248
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo) a través de una imagen hecha a mano, cuya IFD contiene etiquetas IOP que referencian al principio del IDF. • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 76%CPEs: 17EXPL: 0CVE-2012-0247 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0247
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de desplazamientos (offsets) modificados y contar valores en la etiqueta ResolutionUnit en el EXIF IFD0 de una imagen . • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2498
https://notcve.org/view.php?id=CVE-2011-2498
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. El kernel de Linux desde versión v2.3.36 anteriores a v2.6.39, permite a usuarios locales sin privilegios causar una denegación de servicio (consumo de memoria) al activar la creación de páginas PTE. • http://marc.info/?l=oss-security&m=130923704824984&w=2 https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2498.html https://security-tracker.debian.org/tracker/CVE-2011-2498 https://usn.ubuntu.com/1167-1 https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-1383-1 • CWE-772: Missing Release of Resource after Effective Lifetime •