CVSS: 8.5EPSS: 5%CPEs: 45EXPL: 0CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 18%CPEs: 3EXPL: 1CVE-2007-1543
https://notcve.org/view.php?id=CVE-2007-1543
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. Desbordamiento de búfer basado en pila en la función accept_att_local en server/os/connection.c de Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos ejecutar código de su elección mediante un nombre largo una conexión de socket USL. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24783 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://ww •
CVSS: 5.0EPSS: 11%CPEs: 3EXPL: 1CVE-2007-1544
https://notcve.org/view.php?id=CVE-2007-1544
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. Desbordamiento de enteros en la función ProcAuWriteElement en server/dia/audispatch.c en Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través de un valor en max_samples. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •
CVSS: 5.0EPSS: 15%CPEs: 3EXPL: 1CVE-2007-1545
https://notcve.org/view.php?id=CVE-2007-1545
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. La función AddResource en server/dia/resource.c de Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar una denegación de servicio (caída del servidor) mediante un identificador de cliente inexistente. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •
CVSS: 7.8EPSS: 15%CPEs: 4EXPL: 0CVE-2007-1547
https://notcve.org/view.php?id=CVE-2007-1547
The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. La función ReadRequestFromClient en server/os/io.c de Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar una denegación de servicio (caída) mediante múltiples conexiones simultaneas, lo cual provoca una referencia a un puntero nulo. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •