CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-3896
https://notcve.org/view.php?id=CVE-2008-3896
03 Sep 2008 — Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. Grub Legacy 0.97 y versiones anteriores almacena contraseñas de autenticación de pre-arranque en el búfer BIOS Keyboard y no limpia este búfer antes y después del uso, lo cual permite a usuarios locales obtener información sensible le... • http://securityreason.com/securityalert/4204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 1CVE-2008-2377
https://notcve.org/view.php?id=CVE-2008-2377
08 Aug 2008 — Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. Vulnerabilidad de uso después de liberación en la función _gnutls_handshake_hash_buffer... • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1946 – /etc/pam.d/su is wrong in RHEL-4.6
https://notcve.org/view.php?id=CVE-2008-1946
28 Jul 2008 — The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. La configuración por defecto de "su" en /etc/pam.d/su en GNU Coreutils 5.2.1, permite a usuarios locales elevar sus privilegios de una cuenta (1) bloqueada o (2) caducada introduciendo el nombre de usuario en la línea de comandos. Relacionado con un us... • http://rhn.redhat.com/errata/RHSA-2008-0780.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 25%CPEs: 105EXPL: 2CVE-2008-1948 – GNUTLS-SA-2008-1-1 GnuTLS buffer overflow
https://notcve.org/view.php?id=CVE-2008-1948
21 May 2008 — The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1... • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 105EXPL: 1CVE-2008-1949 – GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference
https://notcve.org/view.php?id=CVE-2008-1949
21 May 2008 — The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. La función _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a l... • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b • CWE-287: Improper Authentication CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 9%CPEs: 105EXPL: 0CVE-2008-1950 – GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
https://notcve.org/view.php?id=CVE-2008-1950
21 May 2008 — Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. Error en signo de entero de la función the _gnutls_ciphertext2compressed en lib/gnutls_ciph... • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-2142
https://notcve.org/view.php?id=CVE-2008-2142
12 May 2008 — Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. Emacs versión 21 y XEmacs cargan y ejecutan automáticamente archivos .flc (fast lock) que están asociados con otros archivos que son editados en Emacs, lo que permite a los atacantes asistidos por el usuario ejecutar código arbitrario. • http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1694
https://notcve.org/view.php?id=CVE-2008-1694
21 Apr 2008 — vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. vcdiff en Emacs 20.7 a 22.1.50, cuando es utilizado con SCCS, permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque symlink en ficheros temporales. • http://bugs.gentoo.org/show_bug.cgi?id=216880 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1687
https://notcve.org/view.php?id=CVE-2008-1687
09 Apr 2008 — The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. Las funciones (1) maketemp y (2) mkstemp incluidas en GNU m4 versiones anteriores a 1.4.11 no citan sus salidas cuando un fichero es creado, lo cual podría permitir a atacantes dependientes de contexto disparar una expansión macro, llevando a cabo un uso no ... • http://secunia.com/advisories/29671 •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-1688
https://notcve.org/view.php?id=CVE-2008-1688
09 Apr 2008 — Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. Vulnerabilidad no especificada en GNU m4 versiones anteriores a 1.4.11 podría permitir a atacantes dependientes de contexto ejecutar código se su elección, relacionado con el manejo no apropiado de nombres de ficheros específicados con la opción -F. NOTA:... • http://osvdb.org/44272 •