CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1320 – xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow
https://notcve.org/view.php?id=CVE-2007-1320
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. Múltiples desbordamientos de búfer en la región heap de la memoria en la función cirrus_invalidate_region en la extensión Cirrus VGA en QEMU versión 0.8.2, como es usado en Xen y posiblemente otros productos, podrían permitir a usuarios locales ejecutar código arbitrario por medio de vectores no especificados relacionados a "attempting to mark non-existent regions as dirty," también se conoce como el desbordamiento de la pila "bitblt". • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://osvdb.org/35494 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/30413 http://secunia.com/advisories/33568 http://taviso.decsystem.org/virtsec.pdf http://www.de • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-5170
https://notcve.org/view.php?id=CVE-2006-5170
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. pam_ldap en nss_ldap sobre Red Hat Enterprise Linux 4, Fedora Core 3 y anteriores, y posiblemente otras distribuciones no devuelven una condición de error cuando un servidor de directorio LDAP responde con una respuesta de control PasswordPolicyResponse, lo cual provoca que la función pam_authenticate devuelva código correcto aunque haya fallado, según lo divulgado originalmente para el xscreensaver. • http://bugzilla.padl.com/show_bug.cgi?id=291 http://rhn.redhat.com/errata/RHSA-2006-0719.html http://secunia.com/advisories/22682 http://secunia.com/advisories/22685 http://secunia.com/advisories/22694 http://secunia.com/advisories/22696 http://secunia.com/advisories/22869 http://secunia.com/advisories/23132 http://secunia.com/advisories/23428 http://security.gentoo.org/glsa/glsa-200612-19.xml http://securitytracker.com/id?1017153 http://www.debian.org/security/2006 • CWE-755: Improper Handling of Exceptional Conditions •