CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2008-2710
https://notcve.org/view.php?id=CVE-2008-2710
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. Error de presencia de signo entero en la función ip_set_srcfilter en el IP Multicast Filter en uts/common/inet/ip/ip_multi.c en el kernel de Sun Solaris 10 y OpenSolaris anterior a snv_92, permite a usuarios locales ejecutar código de su elección en otras "Solaris Zones" a través de una petición SIOCSIPMSFILTER IOCTL con un valor largo del campo imsf->imsf_numsrc, que dispara una escritura de memoria del kernel fuera de rango. NOTA: esto ha sido reportado como un desbordamiento de entero, pero el origen del problema implica una comparación de signo que no se realiza. • http://secunia.com/advisories/30693 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237965-1 http://www.securityfocus.com/bid/29699 http://www.securitytracker.com/id?1020283 http://www.trapkit.de/advisories/TKADV2008-003.txt http://www.vupen.com/english/advisories/2008/1832/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5731 • CWE-189: Numeric Errors •
CVSS: 6.4EPSS: 0%CPEs: 66EXPL: 0CVE-2008-2674
https://notcve.org/view.php?id=CVE-2008-2674
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. Vulnerabilidad no especificada en la Interstage Management Console, tal como se utiliza en Fujitsu Interstage Application Server 6.0 a 9.0.0A, Apworks Modelers-J 6.0 a 7.0, y Studio 8.0.1 y 9.0.0, permite a atacantes remotos leer o borrar archivos de su elección a través de vectores no especificados. • http://secunia.com/advisories/30589 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html http://www.securityfocus.com/bid/29624 http://www.securitytracker.com/id?1020235 http://www.vupen.com/english/advisories/2008/1771/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42949 •
CVSS: 5.0EPSS: 4%CPEs: 12EXPL: 0CVE-2007-1918
https://notcve.org/view.php?id=CVE-2007-1918
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función RFC_SET_REG_SERVER_PROPERTY en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20070109 implementa una opción para acceso exclusivo a un servidor RFC, lo cual permite a atacantes remotos provocar denegación de servico (cierre del cliente) a través de vectores no especificados. NOTA: Esta información se basa en una vaga descripción inicial. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2540 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.securityfocus.com/archive/1/464685/100/0/threaded http://www.securityfocus.com/bid/23309 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33418 •
CVSS: 10.0EPSS: 13%CPEs: 13EXPL: 0CVE-2007-1917
https://notcve.org/view.php?id=CVE-2007-1917
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función SYSTEM_CREATE_INSTANCE en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: esta información está basada en revelaciones iniciales imprecisas. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2536 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.securityfocus.com/archive/1/464683/100/0/threaded http://www.securityfocus.com/bid/23307 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33416 •
CVSS: 10.0EPSS: 13%CPEs: 13EXPL: 0CVE-2007-1916
https://notcve.org/view.php?id=CVE-2007-1916
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función RFC_START_GUI en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20061211 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. NOTA: Esta información se basa en una vaga descripción general. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2537 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.securityfocus.com/archive/1/464680/100/0/threaded http://www.securityfocus.com/bid/23304 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33420 •