Page 30 of 306 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 3

CVE-2008-1767 – libxslt XSL 1.1.23 - File Processing Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-1767

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Vulnerabilidad de desbordamiento de búfer en pattern.c en libxslt anteriores a 1.1.24, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero de hoja de estilo XSL con una condición "transformation match" XSLT larga que dispara un número grande de pasos. • https://www.exploit-db.com/exploits/31815 http://bugzilla.gnome.org/show_bug.cgi?id=527297 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/30315 http://secunia.com/advisories/30323 http://secunia.com/advisories/30393 http://secunia.com/advisories/30521 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-1944 – PVFB SDL backend chokes on bogus screen updates

https://notcve.org/view.php?id=CVE-2008-1944

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." Un desbordamiento de búfer en el backend del búfer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegación de servicio (bloqueo de SDL) y posiblemente ejecutar código arbitrario por medio de "bogus screen updates," relacionadas con la falta de comprobación del "format of messages." • http://secunia.com/advisories/29963 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29186 http://www.securitytracker.com/id?1020009 https://bugzilla.redhat.com/show_bug.cgi?id=443390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 https://access.redhat.com/security/cve/CVE-2008-1944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-1943 – PVFB backend fails to validate frontend's framebuffer description

https://notcve.org/view.php?id=CVE-2008-1943

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-5001 – kernel asynchronous IO on a FIFO kernel panic

https://notcve.org/view.php?id=CVE-2007-5001

Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. El Kernel de Linux versiones anteriores a la 2.4.21, permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de una entrada o salida asíncrona en un fichero especial FIFO. • http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://osvdb.org/44987 http://secunia.com/advisories/30110 http://secunia.com/advisories/31246 http://www.redhat.com/support/errata/RHSA-2008-0211.html http://www.securityfocus.com/bid/29083 http://www.vupen.com/english/advisories/2008/2222/references https://bugzilla.redhat.com/show_bug.cgi?id=326251 https://exchange.xforce.ibmcloud.com/vulnerabilities/42273 https://oval.cisecurity.org/repository/search/definition • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2008-1198 – initscripts: IPSec ifup script allows for aggressive IKE mode

https://notcve.org/view.php?id=CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. La secuencia de comandos por defecto IPSec ifup en Red Hat Enterprise Linux de 3 a 5 configura racoon para utilizar el modo agresivo de IKE en vez del modo principal de IKE, lo que facilita a atacantes remotos llevar a cabo ataques de fuerza bruta husmeando una clave hash que no ha sido compartida sin encriptar (PSK). • http://secunia.com/advisories/48045 http://www.ernw.de/download/pskattack.pdf http://www.securitytracker.com/id?1019563 https://bugzilla.redhat.com/show_bug.cgi?id=435274 https://exchange.xforce.ibmcloud.com/vulnerabilities/41053 https://access.redhat.com/security/cve/CVE-2008-1198 •