CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMonkey v1.x antes de la v1.1.13 permite a atacantes remotos producir una denegación de servicio (caída) y una posible ejecución de código a su elección modificación de las propiedades de un elemento de entrada de fichero mientras se inicia, cuando se esta utilizando el método blur para acceder a no ha sido inicializada. This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has actually completed it's initialization. This will lead to a call of uninitialized data which can result in code execution under the context of the current user. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2006-0736
https://notcve.org/view.php?id=CVE-2006-0736
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors. • http://secunia.com/advisories/18995 http://www.novell.com/linux/security/advisories/2006_10_casa.html http://www.securityfocus.com/bid/16779 http://www.vupen.com/english/advisories/2006/0693 •
CVE-2005-3655
https://notcve.org/view.php?id=CVE-2005-3655
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. • http://secunia.com/advisories/18484 http://securityreason.com/securityalert/348 http://securitytracker.com/id?1015487 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=371 http://www.novell.com/linux/security/advisories/2006_02_novellnrm.html http://www.osvdb.org/22455 http://www.securityfocus.com/bid/16226 https://exchange.xforce.ibmcloud.com/vulnerabilities/24111 •
CVE-2005-1761
https://notcve.org/view.php?id=CVE-2005-1761
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. Vulnerabilidad desconocida en el kernel de Linux permite que usuarios locales provoquen una denegación de servicio mediante ptrace • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea78729b8dbfc400fe165a57b90a394a7275a54 http://secunia.com/advisories/17002 http://secunia.com/advisories/17073 http://secunia.com/advisories/18056 http://secunia.com/advisories/19369 http://securitytracker.com/id?1014275 http://www.debian.org/security/2005/dsa-922 http://www.debian.org/security/2006/dsa-1018 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1 http://www.novell • CWE-20: Improper Input Validation •
CVE-2005-1767
https://notcve.org/view.php?id=CVE-2005-1767
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). Vulnerabilidad desconocida en el kernel de Linux 2.6.x y 2.4.x permite que usuarios locales provoquen una denegación de servicio ("stack fault exception") mediante métodos desconocidos. • http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=51e31546a2fc46cb978da2ee0330a6a68f07541e http://secunia.com/advisories/17002 http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://secunia.com/advisories/18977 http://www.debian.org/security/2005/dsa-921 http://www.debian.org/security/2005/dsa-922 http://www.novell.com/linux/security/advisories/2005_44_kernel.html http://www.redhat.com/support/errata/RHSA-2005-663.html http •