New vulnerabilities from the NVD: CVE-2005-4890 | | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Published at: November 04, 2019 at 09:15PM View on website November 05, 2019 at 12:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-3662 | | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. Published at: November 05, 2019 at 12:15AM View on website November 05, 2019 at 02:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-0737 (jboss_operations_network) | | The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. Published at: October 31, 2019 at 01:15AM View on website November 05, 2019 at 08:57PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-0398 (autokey) | | The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. Published at: October 31, 2019 at 12:15AM View on website November 05, 2019 at 08:57PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2222 | | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. Published at: November 05, 2019 at 10:15PM View on website November 06, 2019 at 12:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2064 (rpcbind) | | rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. Published at: October 30, 2019 at 12:15AM View on website November 06, 2019 at 12:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2061 (rpcbind) | | rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. Published at: October 30, 2019 at 12:15AM View on website November 06, 2019 at 12:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2005-2354 | | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. Published at: November 05, 2019 at 10:15PM View on website November 06, 2019 at 12:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-2841 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: November 06, 2019 at 06:15AM View on website November 06, 2019 at 08:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-0899 | | |
New vulnerabilities from the NVD: CVE-2006-4245 | | |
New vulnerabilities from the NVD: CVE-2006-4243 | | |
New vulnerabilities from the NVD: CVE-2006-3100 | | |
New vulnerabilities from the NVD: CVE-2006-0062 | | xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. Published at: November 06, 2019 at 05:15AM View on website November 06, 2019 at 08:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2006-0061 | | xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. Published at: November 06, 2019 at 04:15AM View on website November 06, 2019 at 08:57AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2471 | | |
New vulnerabilities from the NVD: CVE-2010-2446 | | |
New vulnerabilities from the NVD: CVE-2010-2247 | | |
New vulnerabilities from the NVD: CVE-2009-5050 | | |
New vulnerabilities from the NVD: CVE-2009-5049 | | |
New vulnerabilities from the NVD: CVE-2009-5048 | | |
New vulnerabilities from the NVD: CVE-2009-5046 | | |
New vulnerabilities from the NVD: CVE-2009-5045 | | |
New vulnerabilities from the NVD: CVE-2009-5043 (burn, debian_linux) | | |
New vulnerabilities from the NVD: CVE-2009-5042 (debian_linux, python-docutils) | | |
New vulnerabilities from the NVD: CVE-2010-2250 | | Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. Published at: November 07, 2019 at 08:15PM View on website November 07, 2019 at 11:22PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2243 | | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. Published at: November 07, 2019 at 07:15PM View on website November 07, 2019 at 11:22PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-5743 | | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. Published at: November 08, 2019 at 12:15AM View on website November 08, 2019 at 03:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-3915 | | |
New vulnerabilities from the NVD: CVE-2007-3732 | | In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. Published at: November 08, 2019 at 12:15AM View on website November 08, 2019 at 03:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-7291 | | |
New vulnerabilities from the NVD: CVE-2008-7272 | | FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. Published at: November 08, 2019 at 02:15AM View on website November 08, 2019 at 05:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-5083 | | In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. Published at: November 08, 2019 at 02:15AM View on website November 08, 2019 at 05:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-3278 | | frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. Published at: November 08, 2019 at 01:15AM View on website November 08, 2019 at 05:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-6745 | | |
New vulnerabilities from the NVD: CVE-2009-5004 | | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. Published at: November 09, 2019 at 06:15AM View on website November 09, 2019 at 09:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-4011 | | dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console. Published at: November 09, 2019 at 05:15AM View on website November 09, 2019 at 09:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-3614 | | |
New vulnerabilities from the NVD: CVE-2009-3552 | | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. Published at: November 09, 2019 at 05:15AM View on website November 09, 2019 at 09:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-2802 | | MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. Published at: November 09, 2019 at 05:15AM View on website November 09, 2019 at 09:22AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-0035 | | alsa-utils 1.0.19 and later versions allow local users to overwrite arbitrary files via a symlink attack through the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. Published at: November 09, 2019 at 05:15AM View on website November 09, 2019 at 09:22AM via National Vulnerability Database |