CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Oct 2024 — pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home d... • https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Apr 2023 — Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. • https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 • CWE-23: Relative Path Traversal CWE-269: Improper Privilege Management •

CVSS: 9.8 • EPSS: 4% • CPEs: 11 • EXPL: 2

10 Oct 2019 — Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html • CWE-125: Out-of-bounds Read •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 Aug 2018 — zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. • https://bugs.debian.org/904819 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Sep 2014 — GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. • http://savannah.nongnu.org/bugs/?40023 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.1 • EPSS: 0% • CPEs: 38 • EXPL: 0

13 Feb 2014 — usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. • http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html • CWE-287: Improper Authentication •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Nov 2010 — Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. • http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name. • http://osvdb.org/52022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2007 — Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428157 •