NotCVE - vendor:"Debian" product:"Debian Linux" version:" <= 8.0"

Page 86 of 4598 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2005-4890

https://notcve.org/view.php?id=CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la ioctl TIOCSTI para insertar caracteres en el búfer de entrada para ser leídos por el siguiente proceso. • http://www.openwall.com/lists/oss-security/2012/11/06/8 http://www.openwall.com/lists/oss-security/2013/05/20/3 http://www.openwall.com/lists/oss-security/2013/11/28/10 http://www.openwall.com/lists/oss-security/2013/11/29/5 http://www.openwall.com/lists/oss-security/2014/10/20/9 http://www.openwall.com/lists/oss-security/2014/10/21/1 http://www.openwall.com/lists/oss-security/2014/12/15/5 http://www.openwall.com/lists/oss-security/201 • CWE-20: Improper Input Validation •

CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3

CVE-2019-18683

https://notcve.org/view.php?id=CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0

CVE-2013-4412

https://notcve.org/view.php?id=CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17 slim presenta una desreferencia del puntero NULL cuando es usado el método crypt() de glibc versión 2.17. • http://www.openwall.com/lists/oss-security/2013/10/09/6 http://www.securityfocus.com/bid/62906 https://access.redhat.com/security/cve/cve-2013-4412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412 https://exchange.xforce.ibmcloud.com/vulnerabilities/89675 https://security-tracker.debian.org/tracker/CVE-2013-4412 • CWE-476: NULL Pointer Dereference •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2013-4168

https://notcve.org/view.php?id=CVE-2013-4168

Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. Vulnerabilidad de tipo cross-site scripting (XSS) en SmokePing versión 2.6.9, en los campos de hora de inicio y finalización. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html http://www.openwall.com/lists/oss-security/2013/07/25/8 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4168 https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563 https://security-tracker.debian.org/tracker/CVE-2013-4168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2005-2351

https://notcve.org/view.php?id=CVE-2005-2351

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. Mutt versiones anteriores a 1.5.20, parche 7, permite a un atacante causar una denegación de servicio por medio de una serie de peticiones para archivos temporales de mutt. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296 https://security-tracker.debian.org/tracker/CVE-2005-2351 • CWE-668: Exposure of Resource to Wrong Sphere •

1...84 85 86 87 88