Смотрите также связанные темы
10.02.2018 2009-02-09 - [slackware-security] wicd (SSA:2009-040-01)
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1[slackware-security] wicd (SSA:2009-040-01)New wicd packages are available for Slackware 12.2 and -current to fix asecurity issue with the D-Bus configuration file that could allow localinformation disclosure (such as network credentials).More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489Here are the details from the Slackware 12.2 ChangeLog:+--------------------------+patches/packages/wi...
14.02.2018 AIX at information disclosure vulnerability
A local attacker may exploit this error to read any file on the system because the command is setuid root.
27.02.2018 CVE-2016-2521
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
14.08.2018 CVE-2008-3699
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
13.03.2018 CVE-2016-1963
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
27.08.2018 CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
08.09.2018 HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows.
23.11.2018 Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
A security vulnerability in the GNU Image Manipulation Program (GIMP) may allow a remote unprivileged user to cause a Denial of Service (DoS) to the GIMP application or execute arbitrary code with the privileges of a local user when that local user loads an XCF image file supplied by an untrusted source.
11.09.2018 [ MDVSA-2008:190 ] postfix
A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).
10.09.2018 CVE-2008-4018
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
|
