CVSS: 3.8EPSS: 2%CPEs: 56EXPL: 0CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ •
CVSS: 10.0EPSS: 18%CPEs: 3EXPL: 1CVE-2007-1543
https://notcve.org/view.php?id=CVE-2007-1543
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. Desbordamiento de búfer basado en pila en la función accept_att_local en server/os/connection.c de Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos ejecutar código de su elección mediante un nombre largo una conexión de socket USL. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24783 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://ww •
CVSS: 5.0EPSS: 11%CPEs: 3EXPL: 1CVE-2007-1544
https://notcve.org/view.php?id=CVE-2007-1544
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. Desbordamiento de enteros en la función ProcAuWriteElement en server/dia/audispatch.c en Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través de un valor en max_samples. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •
CVSS: 5.0EPSS: 15%CPEs: 3EXPL: 1CVE-2007-1545
https://notcve.org/view.php?id=CVE-2007-1545
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. La función AddResource en server/dia/resource.c de Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar una denegación de servicio (caída del servidor) mediante un identificador de cliente inexistente. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •
CVSS: 5.0EPSS: 15%CPEs: 3EXPL: 1CVE-2007-1546
https://notcve.org/view.php?id=CVE-2007-1546
Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. Error de índice de array en Network Audio System (NAS) anterior a 1.8a SVN 237 permite a atacantes remotos provocar una denegación de servicio (caída) mediante (1) valores grandes de num_action en la función ProcAuSetElements de server/dia/audispatch.c o (2) un parámetro inputNum grande en la función compileInputs de server/dia/auutil.c. • http://aluigi.altervista.org/adv/nasbugs-adv.txt http://secunia.com/advisories/24527 http://secunia.com/advisories/24601 http://secunia.com/advisories/24628 http://secunia.com/advisories/24638 http://secunia.com/advisories/24980 http://security.gentoo.org/glsa/glsa-200704-20.xml http://www.debian.org/security/2007/dsa-1273 http://www.mandriva.com/security/advisories?name=MDKSA-2007:065 http://www.radscan.com/nas/HISTORY http://www.securityfocus.com/archive/1/464606/30& •