CVSS: 5.0EPSS: 11%CPEs: 10EXPL: 0CVE-2008-0596 – cups: memory leak handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0596
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. Fuga de memoria en CUPS versiones anteriores a 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de un gran número de peticiones para añadir y eliminar impresoras compartidas. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://secunia.com/advisories/29420 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 10%CPEs: 10EXPL: 0CVE-2008-0597 – cups: dereference of free'd memory handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0597
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. Vulnerabilidad de uso después de liberación (use-after-free) en CUPS antes de 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) a través de paquetes IPP manipulados. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath.com/Advisories:rPSA-2008-0091 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091 http://www.mandriva.com/security/advisories?name=MDVSA-2008:050 http://www. • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2007-4130 – panic caused by set_mempolicy with MPOL_BIND
https://notcve.org/view.php?id=CVE-2007-4130
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. El kernel de Linux 2.6.9 antes de 2.6.9-67 en Red Hat Enterprise Linux (RHEL) 4 de Itanium (ia64). No maneja correctamente fallos de página durante el acceso a memoria de NUMA, lo que permite a usuarios locales causar una denegación de servicio (panic) por medio de argumentos no válidos a set_mempolicy en una operación MPOL_BIND • http://rhn.redhat.com/errata/RHSA-2008-0055.html http://secunia.com/advisories/28748 http://www.securityfocus.com/bid/27556 https://bugzilla.redhat.com/show_bug.cgi?id=179665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11437 https://access.redhat.com/security/cve/CVE-2007-4130 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 16%CPEs: 8EXPL: 0CVE-2008-0003 – tog-pegasus pam authentication buffer overflow
https://notcve.org/view.php?id=CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. Un desbordamiento del búfer en la región stack de la memoria en la función PAMBasicAuthenticator::PAMCallback en el servidor de administración de OpenPegasus CIM (tog-pegasus), cuando es compilado para usar PAM y sin PEGASUS_USE_PAM_STANDALONE_PROC definida, podría permitir a atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE -2007-5360. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://osvdb.org/40082 http://secunia.com/advisories/28338 http://secunia.com/advisories/28462 http://secunia.com/advisories/29056 http://secunia.com/advisories/29785 http://secunia.com/advisories/29986 http://securitytracker.com/id?1019159 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.redhat.com/support/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6285 – autofs default doesn't set nodev in /net
https://notcve.org/view.php?id=CVE-2007-6285
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. La configuración predeterminada para autofs 5 (autofs5) en algunas distribuciones de Linux, como Red Hat Enterprise Linux (RHEL) versiones 4 y 5, no especifica la opción de montaje nodev para el mapa -hosts, que permite a los usuarios locales acceder a "important devices" mediante la operación de un servidor NFS remoto y creando archivos de dispositivo especial en ese servidor, como es demostrado por el dispositivo /dev/mem. • http://osvdb.org/40442 http://rhn.redhat.com/errata/RHSA-2007-1176.html http://rhn.redhat.com/errata/RHSA-2007-1177.html http://secunia.com/advisories/28156 http://secunia.com/advisories/28168 http://secunia.com/advisories/28456 http://securitytracker.com/id?1019137 http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 http://www.securityfocus.com/bid/26970 https://bugzilla.redhat.com/show_bug.cgi?id=426218 https://exchange.xforce.ibmcloud.com/vulnerabilities/39188 • CWE-16: Configuration •