Page 13 of 106 results (0.037 seconds)

CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 0

CVE-2007-1859 – xscreensaver authentication bypass

https://notcve.org/view.php?id=CVE-2007-1859

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. XScreenSaver versión 4.10, cuando está usando un servicio de directorio remoto para credenciales, no maneja apropiadamente los resultados de la función getpwuid en el archivo drivers/lock.c cuando no hay conectividad de red, lo que causa que XScreenSaver bloquee y desbloquee la pantalla y permita a usuarios locales omitir la autenticación. • http://osvdb.org/35531 http://secunia.com/advisories/25065 http://secunia.com/advisories/25105 http://secunia.com/advisories/25116 http://secunia.com/advisories/25118 http://secunia.com/advisories/25119 http://secunia.com/advisories/25225 http://secunia.com/advisories/25610 http://security.gentoo.org/glsa/glsa-200705-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:097 http://www.novell.com/linux/security/advisories/2007_9_sr.html http://www.redhat • CWE-287: Improper Authentication •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-2030

https://notcve.org/view.php?id=CVE-2007-2030

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. lharc.c en lha no crea archivos temporales de forma segura, lo cual podría permitir a usuarios locales leer o escribir archivos creando un archivo antes de que LHA sea invocado. • http://osvdb.org/37049 http://secunia.com/advisories/25519 http://www.mandriva.com/security/advisories?name=MDKSA-2007:117 http://www.securityfocus.com/bid/24336 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585 https://exchange.xforce.ibmcloud.com/vulnerabilities/34063 •

CVSS: 3.8EPSS: 2%CPEs: 56EXPL: 0

CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)

https://notcve.org/view.php?id=CVE-2007-1352

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ •

CVSS: 8.5EPSS: 5%CPEs: 45EXPL: 0

CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)

https://notcve.org/view.php?id=CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

CVE-2006-7176 – sendmail allows external mail with from address xxx@localhost.localdomain

https://notcve.org/view.php?id=CVE-2006-7176

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. La versión de Sendmail 8.13.1-2 en Red Hat Enterprise Linux 4 Update 4 y anteriores no rechazan el nombre de dominio "localhost.localdomain" para mensajes de correo electrónico que provienen de estaciones externas, lo cual podría permitir a atacantes remotos falsificar mensajes. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25743 http://support.avaya.com/elmodocs2/security/ASA-2007-248.htm http://www.redhat.com/support/errata/RHSA-2007-0252.html http://www.securityfocus.com/bid/23742 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11499 https://access.redhat.com/security/cve/CVE-2006-7176 https://bugzilla.redhat.com/show_bug.cgi?id=23854 •