CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2020-15710 – Potential double-free in pulseaudio
https://notcve.org/view.php?id=CVE-2020-15710
18 Sep 2020 — Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. Una potencial doble liberación en el módulo Bluez 5 de PulseAudio, podría permitir a un atacante local perder memoria o bloquear el programa. La variable modargs puede ser liberada dos veces en una c... • https://launchpad.net/bugs/1884738 • CWE-415: Double Free •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-11931 – Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded
https://notcve.org/view.php?id=CVE-2020-11931
12 May 2020 — An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; Una modificaci... • https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2014-3970 – Mandriva Linux Security Advisory 2015-134
https://notcve.org/view.php?id=CVE-2014-3970
11 Jun 2014 — The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. La función pa_rtp_recv en modules/rtp/rtp.c en el módulo module-rtp-recv en PulseAudio 5.0 y anteriores permite a atacantes remotos causar una denegación de servicio (fallo de aserción y abortar) a través de un paquete UDP vacío. PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP ... • http://advisories.mageia.org/MGASA-2014-0440.html •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1299 – Gentoo Linux Security Advisory 201402-10
https://notcve.org/view.php?id=CVE-2009-1299
18 Mar 2010 — The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. La v0.9.10 y v0.9.19 permite a usuarios locales modificar el propietario y permisos de ficheros de su elección a través de ataque de enlaces simbólicos sobre un fichero temporal /tmp/.esd-#####. An insecure temporary file usage has been reported in PulseAudio, possibly allowing symlink attacks. V... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 4CVE-2009-1894 – PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1894
17 Jul 2009 — Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. Condición de carrera en PulseAudio v0.9.9, v0.9.10, y v0.9.14 permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de "hard links", relativo a fijar la configuración de LD_BIND_NOW a 1, y entonces, llamar a ex... • https://www.exploit-db.com/exploits/9208 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-0008
https://notcve.org/view.php?id=CVE-2008-0008
28 Jan 2008 — The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. La función pa_drop_root en PulseAudio versión 0.9.8, y una cierta build 0.9.9, no comprueba los valores de retorno de llamadas (1) setresuid, (2) setreuid, (3) setuid y (4) seteuid, cu... • http://bugs.gentoo.org/show_bug.cgi?id=207214 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 14%CPEs: 1EXPL: 1CVE-2007-1804 – PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1804
02 Apr 2007 — PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a den... • https://www.exploit-db.com/exploits/29809 •