2 results (0.007 seconds)

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0

perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors. perl-MDK-Common v1.1.11 y v1.1.24, v1.2.9 hasta v1.2.14, y posiblemente otras versiones, en Mandriva Linux no maneja correctamente las cadenas de caracteres cuando las añade a ficheros de configuración, permitiendo a atacantes remotos obtener privilegios mediante "caracteres especiales" en vectores no especificados. • http://www.mandriva.com/security/advisories?name=MDVSA-2009:072 http://www.securityfocus.com/bid/34089 http://www.vupen.com/english/advisories/2009/0688 https://exchange.xforce.ibmcloud.com/vulnerabilities/49220 • CWE-20: Improper Input Validation •

CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. CUPS sobre Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) v3.0 y v4.0, y Multi Network Firewall (MNF) v2.0, permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre el archivo temporal /tmp/pdf.log. • http://securitytracker.com/id?1021637 http://www.mandriva.com/security/advisories?name=MDVSA-2009:027 http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 http://www.mandriva.com/security/advisories?name=MDVSA-2009:029 http://www.securityfocus.com/bid/33418 https://exchange.xforce.ibmcloud.com/vulnerabilities/48210 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •