CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2012-3292
https://notcve.org/view.php?id=CVE-2012-3292
07 Jun 2012 — The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file. GridFTP en Globus Toolkit (GT) antes de v5.2.2, cuando ciertas macros de autoconf se definen, no comprueba correctamente el valor devuelto por la función getpwnam_r, lo que podría pe... • http://jira.globus.org/browse/GT-195 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-0738
https://notcve.org/view.php?id=CVE-2011-0738
02 Feb 2011 — MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. MyProxy v5.0 hasta v5.2, tal como se utiliza en Globus Toolkit v5.0.0 hasta v5.0.2, no comprueba correctamente (1) el nombre de host o (2) la identi... • http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt • CWE-20: Improper Input Validation •