Page 34 of 306 results (0.009 seconds)

CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 0

CVE-2007-0455 – gd: buffer overrun

https://notcve.org/view.php?id=CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Desbordamiento de búfer en la función gdImageStringFTEx en gdft.c de GD Graphics Library 2.0.33 y anteriores permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección mediante una cadena manipulada con una fuente JIS codificada. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 0

CVE-2006-6235

https://notcve.org/view.php?id=CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia. •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2006-4342

https://notcve.org/view.php?id=CVE-2006-4342

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked. En núcleo en Red Hat Enterprise Linux 3, al ejecutarse en sistemas SMP, permite a usuarios locales provocar una denegación de servicio (punto muerto) ejecutando la función shmat en un shm al mismo tiempo que shmctl está borrando ese shm (IPC_RMID), lo cual previene a un hilo bloqueado en un bucle (spinlock) de ser desbloqueado. • http://secunia.com/advisories/22497 http://secunia.com/advisories/23064 http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm http://www.kb.cert.org/vuls/id/245984 http://www.redhat.com/support/errata/RHSA-2006-0710.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205618 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9649 https://access.redhat.com/security/cve/CVE-2006-4342 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-667: Improper Locking •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

CVE-2006-2933

https://notcve.org/view.php?id=CVE-2006-2933

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. kdesktop_lock en kdebase versiones anteriores a 3.1.3-5.11 para KDE en Red Hat Enterprise Linux (RHEL) 3 no termina apropiadamente, lo cual puede impedir que el salva-pantallas se active, o impedir que los usuarios bloqueen manualmente el escritorio. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755 http://secunia.com/advisories/21203 http://securitytracker.com/id?1016571 http://www.redhat.com/support/errata/RHSA-2006-0576.html http://www.securityfocus.com/bid/19152 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10535 https://access.redhat.com/security/cve/CVE-2006-2933 https://bugzilla.redhat.com/show_bug.cgi?id=1618125 •

CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0

CVE-2005-1918 – tar archive path traversal issue

https://notcve.org/view.php?id=CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://secunia.com/advisories/18988 http://secunia.com/advisories/19130 http://secunia.com/advisories/19183 http://secunia.com/advisories/20397 http://securitytracker.com/id?1015655 http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.redhat.com/support/errata/RHSA-2006-0195.html http://www.securityfocus.com/archive/1/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •