Michael Gilbert

#8938de 53,633
30.6CVSS total
Vulnerabilidades · 4
Média
1
Alta
3
PT-2019-6809
7.5
2019-12-20
Gnome · Gnome Keyring · CVE-2012-6111
**Name of the Vulnerable Software and Affected Versions** gnome-keyring (affected versions not specified) **Description** The issue concerns gnome-keyring not discarding stored secrets when using the `gnome keyring lock all sync` function. This could potentially lead to unauthorized access to sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-6760
9.3
2019-11-27
Isc · Dhclient · CVE-2012-2248
**Name of the Vulnerable Software and Affected Versions** dhclient version 4.3.1-6 **Description** An issue was discovered in dhclient due to an embedded path variable. **Recommendations** For version 4.3.1-6, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2015-3406
8.8
2015-02-11
Freedesktop.Org · Xdg-Utils · CVE-2015-1877
**Name of the Vulnerable Software and Affected Versions** xdg-utils version 1.1.0 rc1 **Description** The issue is related to the open generic xdg mime function in xdg-open, which does not properly handle local variables when using dash. This allows remote attackers to execute arbitrary commands via a crafted file. The exploitation of this issue may also allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For xdg-utils version 1.1.0 rc1, consider disabling the `open generic xdg mime` function as a temporary workaround until a patch is available. Restrict access to the xdg-open component to minimize the risk of exploitation. Avoid using the xdg-open tool with dash until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2012-4001
5.0
2012-08-20
Devotee · Devotee · CVE-2012-2387
**Name of the Vulnerable Software and Affected Versions** devotee version 0.1 patch 2 **Description** The issue makes it easier for remote attackers to obtain secret monikers via a brute force attack due to the use of a 32-bit seed for generating 48-bit random numbers. **Recommendations** For devotee version 0.1 patch 2, consider implementing a more secure random number generation mechanism to prevent brute force attacks.