CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMonkey v1.x antes de la v1.1.13 permite a atacantes remotos producir una denegación de servicio (caída) y una posible ejecución de código a su elección modificación de las propiedades de un elemento de entrada de fichero mientras se inicia, cuando se esta utilizando el método blur para acceder a no ha sido inicializada. This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has actually completed it's initialization. This will lead to a call of uninitialized data which can result in code execution under the context of the current user. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-4577 – dovecot: incorrect handling of negative rights in the ACL plugin
https://notcve.org/view.php?id=CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. El plugin ACL en Dovecot anterior a 1.1.4 amenaza los derechos del acceso negativo como si fueran derechos de acceso positivos, lo que permite a atacantes evitar las restricciones de acceso previstas. • http://bugs.gentoo.org/show_bug.cgi?id=240409 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/32164 http://secunia.com/advisories/32471 http://secunia.com/advisories/33149 http://secunia.com/advisories/33624 http://secunia.com/advisories/36904 http://security.gentoo.org/glsa/glsa-200812-16.xml http://www.dovecot.org/list/dovecot-news/2008-October/000085.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:232& • CWE-863: Incorrect Authorization •
CVE-2008-3832 – Linux Kernel (Fedora 8/9) - 'utrace_control' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2008-3832
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function. Cierto parche de Fedora en el subsistema utrace de Linux Kernel versiones anteriores a v2.6.26.5-28 de Fedora 8, y versiones anteriores a v2.6.26.5-45 de Fedora 9, permite a usuarios locales provocar una denegación de servicio (puntero de referencia NULL y caída o cuelgue del sistema) a través de la llamada a la función utrace_control. • https://www.exploit-db.com/exploits/32451 http://kerneloops.org/oops.php?number=56705 http://www.openwall.com/lists/oss-security/2008/10/02/1 http://www.securityfocus.com/bid/31536 https://bugzilla.redhat.com/show_bug.cgi?id=464883 https://exchange.xforce.ibmcloud.com/vulnerabilities/45644 • CWE-399: Resource Management Errors •
CVE-2008-3969
https://notcve.org/view.php?id=CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. Múltiples vulnerabilidades sin especificar en BitlBee versiones anteriores a 1.2.3 permiten a atacantes remotos "sobrescribir" y "secuestrar" cuentas existentes a través de vectores no especificados. NOTA: esta cuestión existe debido a una incompleta para fijar CVE-2008-3920. • http://secunia.com/advisories/31690 http://secunia.com/advisories/31991 http://security.gentoo.org/glsa/glsa-200809-14.xml http://www.bitlbee.org/main.php/changelog.html http://www.bitlbee.org/main.php/news.r.html http://www.openwall.com/lists/oss-security/2008/09/08/1 http://www.openwall.com/lists/oss-security/2008/09/09/11 http://www.securityfocus.com/bid/31342 https://bugzilla.redhat.com/show_bug.cgi?id=461424 https://exchange.xforce.ibmcloud.com/vulnerab •
CVE-2008-3282 – openoffice.org: numeric truncation error in memory allocator (64bit)
https://notcve.org/view.php?id=CVE-2008-3282
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Desbordamiento de entero en la función rtl_allocateMemory en sal/rtl/sourcealloc_global.c en el localizador de memoria de OpenOffice.org (OOo) 2.4.1, sobre plataformas 64-bit, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o, posiblemente, ejecución de código arbitrario a través de un documento manipulado, relacionado con "error de truncamiento numérico", es una vulnerabilidad distinta de la CVE-2008-2152. • http://secunia.com/advisories/31640 http://secunia.com/advisories/31646 http://secunia.com/advisories/31778 http://securitytracker.com/id?1020764 http://www.openoffice.org/issues/show_bug.cgi?id=92217 http://www.redhat.com/support/errata/RHSA-2008-0835.html http://www.securityfocus.com/bid/30866 http://www.vupen.com/english/advisories/2008/2449 https://bugzilla.redhat.com/show_bug.cgi?id=455867 https://bugzilla.redhat.com/show_bug.cgi?id=458056 https://exchange.xforce • CWE-681: Incorrect Conversion between Numeric Types •