CVE-2019-17571 – log4j: deserialization of untrusted data in SocketServer
https://notcve.org/view.php?id=CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up to 1.2.17. A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. • https://github.com/shadow-horse/CVE-2019-17571 https://github.com/Al1ex/CVE-2019-17571 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E https://lists.apache& • CWE-502: Deserialization of Untrusted Data •
CVE-2012-6111
https://notcve.org/view.php?id=CVE-2012-6111
gnome-keyring does not discard stored secrets when using the gnome_keyring_lock_all_sync function. • http://www.openwall.com/lists/oss-security/2013/01/17/4 https://access.redhat.com/security/cve/cve-2012-6111 https://bugzilla.gnome.org/show_bug.cgi?id=690466 https://security-tracker.debian.org/tracker/CVE-2012-6111 • CWE-20: Improper Input Validation •
CVE-2012-5639
https://notcve.org/view.php?id=CVE-2012-5639
LibreOffice and OpenOffice automatically open embedded content. • http://www.openwall.com/lists/oss-security/2012/12/14/1 http://www.openwall.com/lists/oss-security/2023/12/28/6 http://www.openwall.com/lists/oss-security/2024/01/03/6 http://www.openwall.com/lists/oss-security/2024/01/03/7 https://access.redhat.com/security/cve/cve-2012-5639 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639 https://lists.apache.org/thread.html/r253f92d0e6511d07a79774002e1d9db1d20b24bff27914a5adb14ccb%40%3Cissues.openoffice.apache.org%3E https://sec • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2012-3409
https://notcve.org/view.php?id=CVE-2012-3409
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev, which creates a possible privilege escalation. • http://www.openwall.com/lists/oss-security/2012/07/11/23 http://www.openwall.com/lists/oss-security/2012/07/12/1 http://www.openwall.com/lists/oss-security/2012/07/13/5 https://access.redhat.com/security/cve/cve-2012-3409 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409 https://security-tracker.debian.org/tracker/CVE-2012-3409 • CWE-20: Improper Input Validation •
CVE-2019-3467
https://notcve.org/view.php?id=CVE-2019-3467
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured overly permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459 https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html https://seclists.org/bugtraq/2019/Dec/34 https://seclists.org/bugtraq/2019/Dec/44 https://security-tracker.debian.org/tracker/CVE-2019-3467 https://usn.ubuntu.com/4530-1 https://www.debian.org/security/2019/dsa-4589 http • CWE-732: Incorrect Permission Assignment for Critical Resource •