3 matches found
CVE-2009-1185
CVE-2009-1185 affects udev before 1.4.1, which does not verify that a NETLINK message originates from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...
CVE-2009-0115
CVE-2009-0115 affects the device-mapper-multipath tool (multipath-tools) version 0.4.8 used in multiple Linux distributions (SUSE openSUSE, SLES, Fedora, etc.). The underlying issue is world-writable permissions on the socket file /var/run/multipathd.sock, which allows a local user to send arbitr...
CVE-2021-0296
CVE-2021-0296 concerns the Juniper Networks CTPView server not enforcing HTTP Strict Transport Security (HSTS). Affected versions are Juniper CTPView 7.3 before 7.3R7 and 9.1 before 9.1R3. Root cause: lack of HSTS header enforcement, which can enable downgrade attacks, SSL-stripping MITM, a...