CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2007-5197
https://notcve.org/view.php?id=CVE-2007-5197
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. El desbordamiento de búfer en la clase Mono.Math.BigInteger en Mono versión 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar código arbitrario por medio de vectores no específicos relacionados a Reduce en métodos Pow basados en Montgomery. • http://bugs.gentoo.org/attachment.cgi?id=134361&action=view http://bugs.gentoo.org/show_bug.cgi?id=197067 http://secunia.com/advisories/27439 http://secunia.com/advisories/27493 http://secunia.com/advisories/27511 http://secunia.com/advisories/27583 http://secunia.com/advisories/27612 http://secunia.com/advisories/27639 http://secunia.com/advisories/27937 http://www.debian.org/security/2007/dsa-1397 http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5471
https://notcve.org/view.php?id=CVE-2007-5471
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration. libgssapi versiones anteriores a 0.6-13.7, tal y como se usa en el demonio ISC BIND en SUSE Linux Enterprise Server 10 SP 1, concluye con un error de inicialización, lo cual permite a atacantes remotos provocar una denegación de servicio (finalización de demonio) mediante una petición GSS-TSIG. NOTA: Este asunto afecta a otros demonios que intentan inicializar esta biblioteca con una configuración chroot u otra configuración inválida. • http://osvdb.org/40935 http://secunia.com/advisories/27189 http://www.securityfocus.com/bid/26076 https://exchange.xforce.ibmcloud.com/vulnerabilities/37233 https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html •
CVE-2007-5195
https://notcve.org/view.php?id=CVE-2007-5195
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. Vulnerabilidad no especificada en la implementación SSL del sistema cliente Groupwise en el paquete novell-groupwise-client de SUSE Linux Enterprise Desktop 10 permite a atacantes remotos obtener credenciales mediante un ataque de hombre-en-medio, una vulnerabilidad diferente de CVE-2007-5196. • http://osvdb.org/45492 http://secunia.com/advisories/27229 http://www.novell.com/linux/security/advisories/2007_20_sr.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVE-2007-5196
https://notcve.org/view.php?id=CVE-2007-5196
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. Vulnerabilidad no especificada en la implementación SSL del sistema cliente Groupwise en el paquete novell-groupwise-client de SUSE Linux Enterprise Desktop 10 permite a atacantes remotos obtener credenciales mediante un ataque de hombre en el medio, una vulnerabilidad diferente de CVE-2007-5195. • http://osvdb.org/45491 http://secunia.com/advisories/27229 http://www.novell.com/linux/security/advisories/2007_20_sr.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •