CVSS: 9.3EPSS: 19%CPEs: 3EXPL: 0CVE-2008-0668
https://notcve.org/view.php?id=CVE-2008-0668
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. La función excel_read_HLINK en plugins/excel/ms-excel-read.c de Gnome Office Gnumeric antes de 1.8.1. Permite a atacantes remotos ayudados por el usuario ejecutar código de su elección a través de un archivo XLS manipulado que contiene opcodes XLS HLINK, posiblemente debido a un desbordamiento de integer. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://bugs.gentoo.org/show_bug.cgi?id=208356 http://bugzilla.gnome.org/show_bug.cgi?id=505330 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/28725 http://secunia.com/advisories/28799 http://secunia.com/advisories/28948 http://secunia.com/advisories/29702 http://secunia.com/advisories/29896 http://secunia.com/advisories/31339 http://security.gentoo.org/glsa/glsa-200802-05.xml http://www.debian.org/security/2008/ • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 1CVE-2008-0008
https://notcve.org/view.php?id=CVE-2008-0008
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. La función pa_drop_root en PulseAudio versión 0.9.8, y una cierta build 0.9.9, no comprueba los valores de retorno de llamadas (1) setresuid, (2) setreuid, (3) setuid y (4) seteuid, cuando intenta perder privilegios, lo que podría permitir a usuarios locales alcanzar privilegios causando que esas llamadas fallen por ataques tales como el agotamiento de recursos. • http://bugs.gentoo.org/show_bug.cgi?id=207214 http://pulseaudio.org/changeset/2100 http://secunia.com/advisories/28608 http://secunia.com/advisories/28623 http://secunia.com/advisories/28738 http://secunia.com/advisories/28952 http://security.gentoo.org/glsa/glsa-200802-07.xml http://www.debian.org/security/2008/dsa-1476 http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 http://www.securityfocus.com/bid/27449 http://www.ubuntu.com/usn/usn-573-1 http&# • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones, vulnerabilidad distinta de CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 1%CPEs: 38EXPL: 0CVE-2007-6284 – libxml2: infinite loop in UTF-8 decoding
https://notcve.org/view.php?id=CVE-2007-6284
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. La función xmlCurrentChar de libxml2, en versiones anteriores a la 2.6.31, permite que algunos atacantes, dependiendo del contexto, provoquen denegación de servicio (por bucle infinito) usando un XML que contenga secuencias no válidas de UTF-8. • http://bugs.gentoo.org/show_bug.cgi?id=202628 http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000009.html http://mail.gnome.org/archives/xml/2008-January/msg00036.html http://secunia.com/advisories/28439 http://secunia.com/advisories/28444 http://secunia.com/advisories/28450 http://secunia.com/advisories/28452 http://secunia.com/advisories/28458 http://secunia.com/advisories/28466 http://s • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 2CVE-2008-0005 – mod_proxy_ftp XSS
https://notcve.org/view.php?id=CVE-2008-0005
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. mod_proxy_ftp en Apache 2.2.x antes de la versión 2.2.7-dev, 2.0.x antes de la2.0.62-dev, y 1.3.x antes de 1.3.40-dev, no define un conjunto de caracteres, lo que permite que atacantes remootos puedan llevar a cabo ataques de secuencias de comandos (XSS) en sitios cruzados usando una codificación UTF-7. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://secunia.com/advisories/28467 http://secunia.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •