CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1615 – kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
https://notcve.org/view.php?id=CVE-2008-1615
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. El kernel de Linux versión 2.6.18 y posiblemente otras versiones, cuando corren bajo arquitecturas AMD64, permite a usuarios locales provocar una denegación de servicio (caída) a través de determinadas llamadas ptrace. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://secunia.com/advisories/30112 http://secunia.com/advisories/30252 http://secunia.com/advisories/30294 http://secunia.com • CWE-399: Resource Management Errors •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2112
https://notcve.org/view.php?id=CVE-2008-2112
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. Vulnerabilidad sin especificar en Sun Ray Kiosk Mode 4.0, permite a administradores autenticados locales y remotos de Sun Ray, obtener privilegios a través de vectores desconocidos relacionados con utconfig. • http://secunia.com/advisories/30130 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236944-1 http://www.securityfocus.com/bid/29092 http://www.securitytracker.com/id?1019993 http://www.vupen.com/english/advisories/2008/1454/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42262 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2007-6282 – IPSec ESP kernel panics
https://notcve.org/view.php?id=CVE-2007-6282
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. La implementación IPsec en el Kernel de Linux, versiones anteriores a la 2.6.25, permite a routers remotos provocar una denegación de servicio (caída) a través de un paquete ESP fragmentado en el que el primer fragmento no contiene la cabecera ESP y el IV (Vector de Inicialización) completos. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://marc.info/?l=linux-netdev&m=120372380411259&w=2 http://secunia.com/advisories/30112 http://secunia.com/advisories/30294 http://secunia.com/advisories/30818 http://secunia.com/advisories/30890 http://secunia.com/advisories/30962 http://secunia.com/advisories&# • CWE-16: Configuration •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2008-1198 – initscripts: IPSec ifup script allows for aggressive IKE mode
https://notcve.org/view.php?id=CVE-2008-1198
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. La secuencia de comandos por defecto IPSec ifup en Red Hat Enterprise Linux de 3 a 5 configura racoon para utilizar el modo agresivo de IKE en vez del modo principal de IKE, lo que facilita a atacantes remotos llevar a cabo ataques de fuerza bruta husmeando una clave hash que no ha sido compartida sin encriptar (PSK). • http://secunia.com/advisories/48045 http://www.ernw.de/download/pskattack.pdf http://www.securitytracker.com/id?1019563 https://bugzilla.redhat.com/show_bug.cgi?id=435274 https://exchange.xforce.ibmcloud.com/vulnerabilities/41053 https://access.redhat.com/security/cve/CVE-2008-1198 •
CVSS: 6.8EPSS: 14%CPEs: 88EXPL: 2CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •