CVSS: 5.0EPSS: 65%CPEs: 3EXPL: 0CVE-2010-0743 – scsi-target-utils: format string vulnerability
https://notcve.org/view.php?id=CVE-2010-0743
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. Múltiples vulnerabilidades de formato de cadena en isns.c en (1) Linux SCSI target framework (también conocido como tgt o scsi-target-utils) v1.0.3, v0.9.5, y (2) iSCSI Enterprise Target (también conocido como iscsitarget) v0.4.16, permite a atacantes remotos provocar una denegación de servicio (caída de demonio tgtd) o posiblemente tener un acto desconocido a través de vectores que involucran a las funciones isns_attr_query y qry_rsp_handle, y que están relacionadas con los mensajes (a) "client appearance" y (b) "client disappearance". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935 http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git%3Ba=commit%3Bh=107d922706cd36f3bb79bcca9bc4678c32f22e59 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=oss-security&m=127005132403189&w=2 http://secunia.com/advisories/39142 http://secunia.com/advisories/39726 http://www.debian.org/security/2010/dsa-2042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 http:/&#x • CWE-134: Use of Externally-Controlled Format String •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2007-5827
https://notcve.org/view.php?id=CVE-2007-5827
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. iSCSI Enterprise Target (iscsitarget) 0.4.15 utiliza permisos débiles para /etc/ietd.conf, lo cual permite a usuarios locales obtener las contraseñas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873 http://osvdb.org/42037 http://secunia.com/advisories/27483 http://www.securityfocus.com/bid/26299 https://exchange.xforce.ibmcloud.com/vulnerabilities/38228 • CWE-264: Permissions, Privileges, and Access Controls •