CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 10%CPEs: 20EXPL: 0CVE-2007-2833
https://notcve.org/view.php?id=CVE-2007-2833
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. Emacs 21 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) a través de ciertas imágenes modificadas, como lo demostrado a través de imágenes GIF en el modo vm, relacionado con el cálculo del tamaño de la imagen. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929 http://secunia.com/advisories/26987 http://www.debian.org/security/2007/dsa-1316 http://www.mandriva.com/security/advisories?name=MDKSA-2007:133 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.securityfocus.com/bid/24570 http://www.securitytracker.com/id?1018277 http://www.ubuntu.com/usn/usn-504-1 https://issues.rpath.com/browse/RPL-1490 •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 1CVE-1999-1572
https://notcve.org/view.php?id=CVE-1999-1572
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. • http://marc.info/?l=bugtraq&m=110763404701519&w=2 http://secunia.com/advisories/14357 http://secunia.com/advisories/17063 http://secunia.com/advisories/17532 http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf http://www.debian.org/security/2005/dsa-664 http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391 http://www.mandriva.com/security/advisories?name=MDKSA-2005:032 http://www.redhat.com/support/errata/RHSA-2005-073.html http://www.redhat.com/support&# •