Смотрите также связанные темы 14.02.2018 AIX at information disclosure vulnerability A local attacker may exploit this error to read any file on the system because the command is setuid root.
14.08.2018 CVE-2008-3699 The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
27.02.2018 CVE-2016-2521 Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
13.03.2018 CVE-2016-1963 The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
27.08.2018 CVE-2008-3851 Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
23.11.2018 Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code A security vulnerability in the GNU Image Manipulation Program (GIMP) may allow a remote unprivileged user to cause a Denial of Service (DoS) to the GIMP application or execute arbitrary code with the privileges of a local user when that local user loads an XCF image file supplied by an untrusted source.
11.09.2018 [ MDVSA-2008:190 ] postfix A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).
10.09.2018 CVE-2008-4018 swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
12.09.2018 CVE-2008-3889 Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
03.10.2018 CVE-2008-4440 The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on a temporary file.
|