CVSS: 7.1EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1573
https://notcve.org/view.php?id=CVE-2008-1573
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. El motor de decodificación de imágenes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF diseñada, lo que causa una lectura fuera de límites. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://secunia.com/advisories/30775 http://securitytracker.com/id?1020144 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29513 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 12%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http:/ • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 2%CPEs: 77EXPL: 0CVE-2007-1884
https://notcve.org/view.php?id=CVE-2007-1884
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. Errores múltiples en signo de entero en la familia de funciones printf en PHP 4 versiones anteriores a 4.4.5 y PHP 5 versiones anteriores a 5.2.1 en arquitecturas de 64 bits permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante (1) argumentos numéricos negativos concretos que aparecen en la función php_formatted_print debido al truncamiento de 64 a 32 bits, y evitar una comprobación del máximo valor permitido; y (2) una longitud y precisión de -1, lo cual hace posible a la función php_sprintf_appendstring situar un búfer interno en una posición de memoria de su elección. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://secunia.com/advisories/25423 http://secunia.com/advisories/25850 http://www.osvdb.org/33955 http://www.osvdb.org/34767 http://www.php-security.org/MOPB/MOPB-38-2007.html http://www.php.net/releases/5_2_1.php http://www.securityfocus.com/bid/23219 http://www.vupen.com/ •
CVSS: 7.5EPSS: 21%CPEs: 3EXPL: 0CVE-2007-0897
https://notcve.org/view.php?id=CVE-2007-0897
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. Clam AntiVirus ClamAV anterior a 0.90 no cierra los descriptores de apertura de ficheros bajo ciertas condiciones, lo cual permite a atacantes remotos provocar denegación de servicio (consumo del descriptor de fichero y fallo de escaneo) a través de archivos CAB con una longitud de registro con una cabecera cabinet(.CAB) de cero, lo cual provoca que una función retorne sin cerrar el descriptor de fichero. • http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html http://osvdb.org/32283 http://secunia.com/advisories/24183 http://secunia.com/advisories/24187 http://secunia.com/advisories/24192 http://secunia.com/advisories/24319 http://secunia.com/advisories/24332 http:/&# • CWE-772: Missing Release of Resource after Effective Lifetime •