CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2009-0115 – device-mapper-multipath: insecure permissions on multipathd.sock
https://notcve.org/view.php?id=CVE-2009-0115
30 Mar 2009 — The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero d... • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
https://notcve.org/view.php?id=CVE-2008-2812
09 Jul 2008 — The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, es... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3081
https://notcve.org/view.php?id=CVE-2008-3081
09 Jul 2008 — Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the extern... • http://osvdb.org/46587 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5830
https://notcve.org/view.php?id=CVE-2007-5830
05 Nov 2007 — Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." Vulnerabilidad no especificada en la interfaz administrativa de Avaya Messaging Storage SErver (MSS) 3.1 anterior a SP1, y Message Networking (MN) 3.1, permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados rel... • http://osvdb.org/38482 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-1058
https://notcve.org/view.php?id=CVE-2006-1058
04 Apr 2006 — BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. BusyBox 1.1.1 no utiliza una "sal" cuando genera contraseñas, lo que facilita a usuarios locales adivinar contraseñas a partir de un fichero de contraseñas robado usando técnicas como tablas "rainbow". • http://bugs.busybox.net/view.php?id=604 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2004-0495
https://notcve.org/view.php?id=CVE-2004-0495
23 Jun 2004 — Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. Múltiples vulnerabilidades desconocidas en el kernel de Linux 2.4 y 2.6 permiten a usuarios locales ganar privilegios o acceder a memoria del kernel, como se ha encontrado mediante la herramienta de comprobación de código fuente "Sparse". • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 1CVE-2004-0554 – Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service
https://notcve.org/view.php?id=CVE-2004-0554
15 Jun 2004 — Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. El kernel de Linux 2.4.2x y 2.6.x para x86 permite a usuarios locales causar una denegación de servicio (caída del sistema), posiblemente mediante un bucle infinito que dispara un manejador de señal con una cierta secuencia de instruccion... • https://www.exploit-db.com/exploits/306 •