CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5200
https://notcve.org/view.php?id=CVE-2007-5200
hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. hugin, tal como se utiliza en varios sistemas operativos, incluyendo SUSE openSUSE versión 10.2 y versión 10.3, permite a los usuarios locales sobrescribir archivos arbitrarios mediante un ataque de symlink en el archivo temporal hugin_debug_optim_results.txt. • http://osvdb.org/42224 http://secunia.com/advisories/27229 http://secunia.com/advisories/27623 http://secunia.com/advisories/27653 http://secunia.com/advisories/27952 http://security.gentoo.org/glsa/glsa-200712-01.xml http://www.novell.com/linux/security/advisories/2007_20_sr.html http://www.securityfocus.com/bid/26730 https://bugzilla.redhat.com/show_bug.cgi?id=332401 https://bugzilla.redhat.com/show_bug.cgi?id=362851 https://www.redhat.com/archives/fedora-package- • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1320 – xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow
https://notcve.org/view.php?id=CVE-2007-1320
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. Múltiples desbordamientos de búfer en la región heap de la memoria en la función cirrus_invalidate_region en la extensión Cirrus VGA en QEMU versión 0.8.2, como es usado en Xen y posiblemente otros productos, podrían permitir a usuarios locales ejecutar código arbitrario por medio de vectores no especificados relacionados a "attempting to mark non-existent regions as dirty," también se conoce como el desbordamiento de la pila "bitblt". • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://osvdb.org/35494 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/30413 http://secunia.com/advisories/33568 http://taviso.decsystem.org/virtsec.pdf http://www.de • CWE-787: Out-of-bounds Write •