Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 796

Количество 63 796

ubuntu логотип

CVE-2010-0834

больше 15 лет назад

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2010-0833

больше 15 лет назад

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2010-0832

больше 15 лет назад

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

CVSS2: 6.9
EPSS: Низкий
ubuntu логотип

CVE-2010-0831

больше 15 лет назад

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

CVSS2: 5.8
EPSS: Низкий
ubuntu логотип

CVE-2010-0830

больше 15 лет назад

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVSS2: 5.1
EPSS: Низкий
ubuntu логотип

CVE-2010-0829

почти 16 лет назад

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2010-0828

почти 16 лет назад

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2010-0827

почти 16 лет назад

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2010-0826

почти 16 лет назад

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

CVSS2: 1.9
EPSS: Низкий
ubuntu логотип

CVE-2010-0825

почти 16 лет назад

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

CVSS2: 4.4
EPSS: Низкий
ubuntu логотип

CVE-2010-0793

почти 16 лет назад

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2010-0792

почти 16 лет назад

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.

CVSS2: 1.9
EPSS: Низкий
ubuntu логотип

CVE-2010-0791

почти 16 лет назад

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2010-0790

почти 16 лет назад

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2010-0789

почти 16 лет назад

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

CVSS2: 3.3
EPSS: Низкий
ubuntu логотип

CVE-2010-0788

почти 16 лет назад

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

CVSS2: 4.4
EPSS: Низкий
ubuntu логотип

CVE-2010-0787

почти 16 лет назад

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

CVSS2: 4.4
EPSS: Низкий
ubuntu логотип

CVE-2010-0751

почти 16 лет назад

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2010-0750

почти 16 лет назад

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2010-0749

больше 6 лет назад

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

CVSS3: 5.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2010-0834

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

CVSS2: 9.3
0%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

CVSS2: 9.3
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-0832

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

CVSS2: 6.9
0%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-0831

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

CVSS2: 5.8
2%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-0830

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.

CVSS2: 5.1
6%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.

CVSS2: 4.3
5%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0828

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

CVSS2: 3.5
1%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0827

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

CVSS2: 6.8
5%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

CVSS2: 1.9
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0825

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

CVSS2: 4.4
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0793

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.

CVSS2: 7.5
2%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0792

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.

CVSS2: 1.9
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0791

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.

CVSS2: 2.1
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0790

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.

CVSS2: 2.1
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0789

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

CVSS2: 3.3
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0788

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

CVSS2: 4.4
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0787

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

CVSS2: 4.4
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0751

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

CVSS2: 5
4%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0750

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

CVSS2: 2.1
0%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2010-0749

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

CVSS3: 5.3
1%
Низкий
больше 6 лет назад

Уязвимостей на страницу