CVE-2009-0032
https://notcve.org/view.php?id=CVE-2009-0032
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. CUPS sobre Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) v3.0 y v4.0, y Multi Network Firewall (MNF) v2.0, permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico sobre el archivo temporal /tmp/pdf.log. • http://securitytracker.com/id?1021637 http://www.mandriva.com/security/advisories?name=MDVSA-2009:027 http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 http://www.mandriva.com/security/advisories?name=MDVSA-2009:029 http://www.securityfocus.com/bid/33418 https://exchange.xforce.ibmcloud.com/vulnerabilities/48210 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-3741 – Gimp image loader multiple input validation flaws
https://notcve.org/view.php?id=CVE-2007-3741
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. Las extensiones 1) psp (también conocida como .tub), (2) bmp, (3) pcx, y (4) psd en gimp permite a atacantes remotos con la intervención del usuario provocar denegación de servicio (caida o cosumo de memoria) a través de archivos de imagen manipuladas, como se descubrió utilizando la herramienta fusil fuzzing. • http://osvdb.org/42128 http://osvdb.org/42129 http://osvdb.org/42130 http://osvdb.org/42131 http://secunia.com/advisories/26575 http://secunia.com/advisories/26939 http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 http://www.redhat.com/support/errata/RHSA-2007-0513.html http://www.securityfocus.com/bid/25424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099 https://access.redhat.com/security/cve/CVE-2007-3741 ht • CWE-20: Improper Input Validation •
CVE-2005-3181
https://notcve.org/view.php?id=CVE-2005-3181
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23 http://linux.bkbits.net:8080/linux-2.6/cset%404346883bQBeBd26syWTKX2CVC5bDcA http://secunia.com/advisories/17114 http://secunia.com/advisories/17280 http://secunia.com/advisories/17364 http://secunia.com/advisories/17826 http://secunia.com/advisories/17917 http://secunia.com/advisories/19374 http://www.debian.org/security/2006/dsa-1017 http://www.mandriva.com/security& • CWE-401: Missing Release of Memory after Effective Lifetime •