CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2008-0596 – cups: memory leak handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0596
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. Fuga de memoria en CUPS versiones anteriores a 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de un gran número de peticiones para añadir y eliminar impresoras compartidas. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://secunia.com/advisories/29420 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2008-0597 – cups: dereference of free'd memory handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0597
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. Vulnerabilidad de uso después de liberación (use-after-free) en CUPS antes de 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) a través de paquetes IPP manipulados. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath.com/Advisories:rPSA-2008-0091 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091 http://www.mandriva.com/security/advisories?name=MDVSA-2008:050 http://www. • CWE-399: Resource Management Errors •
CVE-2005-4151
https://notcve.org/view.php?id=CVE-2005-4151
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html http://metasploit.com/research/vulns/pgp_slackspace http://secunia.com/advisories/17827 http://www.osvdb.org/21569 http://www.securityfocus.com/archive/1/419077/100/0/threaded http://www.securityfocus.com/archive/1/419282/100/0/threaded http://www.securityfocus.com/archive/1/419654/100/0/threaded http://www.securityfocus.com/bid/15784 •
CVE-2005-2957
https://notcve.org/view.php?id=CVE-2005-2957
Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. • http://marc.info/?l=bugtraq&m=112671128224841&w=2 http://secunia.com/advisories/16691 http://secunia.com/secunia_research/2005-43/advisory http://www.avira.com/en/news/avira_desktop_for_windows_patched_against_vulnerability.html http://www.securityfocus.com/bid/14824 •