
CVSS: 6.8 | EPSS: 5% | CPEs: 11 | EXPL: 1

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.

References:
• http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
• http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
• http://secunia.com/advisories/40635
• http://www.securityfocus.com/bid/41716
• http://www.ubuntu.com/usn/usn-962-1
• http://www.vupen.com/english/advisories/2010/1839
• https://bugzilla.redhat.com/show_bug.cgi?id=613110

CVSS: 2.1 | EPSS: 0% | CPEs: 226 | EXPL: 0

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.

References:
• http://securitytracker.com/id?1022009
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-22-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-255308-1
• http://www.securityfocus.com/bid/34421
• http://www.vupen.com/english/advisories/2009/0978

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 7% | CPEs: 3 | EXPL: 4

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

References:
• https://www.exploit-db.com/exploits/32248
• http://bugzilla.gnome.org/attachment.cgi?id=115890
• http://bugzilla.gnome.org/show_bug.cgi?id=546364
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
• http://secunia.com/advisories/31465
• http://secunia.com/advisories/31620
• http://secunia.com/advisories/31834
• http://secunia.com/advisories/32629
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
• http://www.securityfocus.com/bid/30690
• http://www.ubun

CWE-134: Use of Externally-Controlled Format String

CVSS: 4.3 | EPSS: 42% | CPEs: 4 | EXPL: 0

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

References:
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://secunia.com/advisories/27276
• http://secunia.com/advisories/27298
• http://secunia.com/advisories/27325
• http://secunia.com/advisories/27327
• http://secunia.com/advisories/27335
• http://secunia.com/advisories/27336
• http://secunia.com/advisories/27356
• http://secunia.com/advisories/27360
• http://secunia.com/advisories/27383
• http://secunia.com/advisories/27387
• http://secunia.com/advisories/27403
• http:/

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

References:
• http://www.osvdb.org/4400
• http://www.redhat.com/support/errata/RHSA-2003-072.html
• http://www.securityfocus.com/bid/7128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11552