CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2008-4068 – recource: bypass
https://notcve.org/view.php?id=CVE-2008-4068
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey ... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 52EXPL: 0CVE-2008-4098 – mysql: incomplete upstream fix for CVE-2008-2079
https://notcve.org/view.php?id=CVE-2008-4098
17 Sep 2008 — MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. MySQL anterior a 5.0.67, pe... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 42%CPEs: 15EXPL: 1CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
https://notcve.org/view.php?id=CVE-2008-3529
12 Sep 2008 — Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su ... • https://www.exploit-db.com/exploits/8798 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2007-6716 – kernel: dio: zero struct dio with kzalloc instead of manually
https://notcve.org/view.php?id=CVE-2007-6716
04 Sep 2008 — fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. fs/direct-io.c del subsistema dio del núcleo de Linux anterior a 2.6.23, no suprime de forma correcta la estructura dio, esto permite a usuario locales provocar una denegación de servicio (OOPS), como se ha demostrado en determinados test fio. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=848c4dd5153c7a0de55470ce99a8e13a63b4703f •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
27 Aug 2008 — libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2008-3275 – Linux kernel local filesystem DoS
https://notcve.org/view.php?id=CVE-2008-3275
12 Aug 2008 — The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. Las funciones (1) real_lookup y (2) __lookup_hash en el archivo fs/namei.c en la implementación de vfs en el kernel de Linux anterior a versió... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2008-3534 – kernel: tmpfs: fix kernel BUG in shmem_delete_inode
https://notcve.org/view.php?id=CVE-2008-3534
08 Aug 2008 — The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. La función shmem_delete_inode de mm/shmem.c en la implementación the tmpfs de Linux kernel versiones anteriores a 2.6.26.1 permite a usua... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2008-3535 – kernel: fix off-by-one error in iov_iter_advance()
https://notcve.org/view.php?id=CVE-2008-3535
08 Aug 2008 — Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. Error de superación del límite en la función iov_iter_advance de mm/filemap.c en Linux kernel versiones anteriores a 2.6.27-rc2 permite a usuarios locales provocar una denegación de servicio (ca... • http://mirror.celinuxforum.org/gitstat/commit-detail.php?commit=94ad374a0751f40d25e22e036c37f7263569d24c • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3272 – kernel snd_seq_oss_synth_make_info leak
https://notcve.org/view.php?id=CVE-2008-3272
08 Aug 2008 — The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. La función snd_seq_oss_synth_make_info de sound/core/seq/oss/seq_oss_synth.c en el subsistema sound de Linux kernel versiones anteriores a 2.6.27-rc2 no verifica que el número de disposi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 65%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •