CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2929 – Server: multiple XSS issues
https://notcve.org/view.php?id=CVE-2008-2929
29 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la biblioteca adminutil del interface web de Directory S... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 1CVE-2008-2930 – RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service
https://notcve.org/view.php?id=CVE-2008-2930
29 Aug 2008 — Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU y agotamiento de búsqueda... • https://www.exploit-db.com/exploits/32304 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 7%CPEs: 8EXPL: 0CVE-2008-3283 – Server: multiple memory leaks
https://notcve.org/view.php?id=CVE-2008-3283
29 Aug 2008 — Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. Múltiples fugas de memoria en Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 y anteriores, permiten a atacantes remotos provocar una denegac... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 25%CPEs: 4EXPL: 0CVE-2008-3252
https://notcve.org/view.php?id=CVE-2008-3252
21 Jul 2008 — Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. Desbordamiento de búfer basado en pila en la función read_article en getarticle.c en newsx 1.6, permite a atacantes remotos ejecutar código de su elección a través de un artículo de noticias que contiene un gran número de líneas que empiezan con un período. • http://secunia.com/advisories/31080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2008-2359
https://notcve.org/view.php?id=CVE-2008-2359
02 Jun 2008 — The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. La configuración predeterminada de consolehelper en system-config-network versiones anteriores a 1.5.10-1 en Fedora versión 8, carece de la directiva USER=root, lo que permite a los usuarios locales de la consola de la estación de trabajo alcanzar privilegios y cambiar la con... • http://secunia.com/advisories/30399 • CWE-16: Configuration •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2007-3102 – audit logging of failed logins
https://notcve.org/view.php?id=CVE-2007-3102
18 Oct 2007 — Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. Vulnerabilidad sin especificar en la función linux_audit_record_event en el OpenSSH 4.3p2, como el utilizado por el Fedora Core 6 y, posiblemente, otros sistemas, permite a atacantes remotos escribir caractere... • http://osvdb.org/39214 •