CyberSecurityBoard
Sponsor Register Login

CVE-2009-3611

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Publication date: Mon, 26 Oct 2009 21:30:00 +0000


Cyber News related to CVE-2009-3611

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago
CVE-2009-3611 - common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with ...
1 year ago
CVE-2012-3611 - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in ...
12 years ago
CVE-2008-3611 - Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this ...
7 years ago
CVE-2010-3611 - ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the ...
7 years ago
CVE-2016-3611 - Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration. ...
7 years ago
CVE-2007-3611 - admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the ...
1 year ago
CVE-2018-3611 - Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access. ...
6 years ago
CVE-2006-3611 - Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences ...
6 years ago
CVE-2011-3611 - A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. ...
5 years ago
CVE-2015-3611 - A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. ...
5 years ago
CVE-2017-3611 - Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes ...
3 years ago
CVE-2020-3611 - u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and ...
3 years ago
CVE-2021-3611 - A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this ...
2 years ago
CVE-2014-3611 - Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. ...
2 years ago
CVE-2023-3611 - An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. ...
1 year ago
CVE-2022-3611 - An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. ...
1 year ago
CVE-2013-3611 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none ...
55 years ago Tenable.com
CVE-2024-3611 - The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input ...
8 months ago Tenable.com
CVE-2024-56581 - In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective ...
1 month ago Tenable.com
CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
55 years ago Tenable.com
CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
14 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)