CVE-2022-2975 – Avaya Aura Application Enablement Services weak permissions in web application
https://notcve.org/view.php?id=CVE-2022-2975
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. Se detectó una vulnerabilidad relacionada con permisos débiles en la aplicación web de Avaya Aura Application Enablement Services, que permitía que un usuario administrativo modificara las cuentas, conllevando a una ejecución de código arbitrario como usuario root. Este problema afecta a versiones 8.0.0.0 a 8.1.3.4 y 10.1.0.0 a 10.1.0.1 de Application Enablement Services. • https://download.avaya.com/css/public/documents/101083688 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa • CWE-476: NULL Pointer Dereference •
CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs
https://notcve.org/view.php?id=CVE-2009-3939
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2006-1058
https://notcve.org/view.php?id=CVE-2006-1058
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. BusyBox 1.1.1 no utiliza una "sal" cuando genera contraseñas, lo que facilita a usuarios locales adivinar contraseñas a partir de un fichero de contraseñas robado usando técnicas como tablas "rainbow". • http://bugs.busybox.net/view.php?id=604 http://secunia.com/advisories/19477 http://secunia.com/advisories/25098 http://secunia.com/advisories/25848 http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm http://www.redhat.com/support/errata/RHSA-2007-0244.html http://www.securityfocus.com/bid/17330 https://exchange.xforce.ibmcloud.com/vulnerabilities/25569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483 https://access.redhat.com/secu • CWE-916: Use of Password Hash With Insufficient Computational Effort •