CVSS: 7.5EPSS: 10%CPEs: 7EXPL: 2CVE-2008-1721 – Python zlib Module - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1721
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. Error de signo en entero en el módulo de extensión zlib en Python 2.5.2 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un entero negativo, lo que provoca una asignación insuficiente de memoria y un desbordamiento de búfer. • https://www.exploit-db.com/exploits/31634 http://bugs.python.org/issue2586 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http:& • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.8EPSS: 64%CPEs: 9EXPL: 0CVE-2008-0062 – krb5: uninitialized pointer use in krb5kdc
https://notcve.org/view.php?id=CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecución de código de su elección mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberación de memoria (double-free). • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secun • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 3%CPEs: 76EXPL: 0CVE-2008-1195 – Java-API calls in untrusted Javascript allow network privilege escalation
https://notcve.org/view.php?id=CVE-2008-1195
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. Vulnerabilidad sin especificar en Sun JDK y Java Runtime Environment (JRE) 6 Actualización 4 y anteriores y 5.0 Update 14 y anteriores; y SDK y JRE 1.4.2_16 y anteriores; permite a atacantes remotos acceder a servicios de red de su elección en el host local a través de vectores no especificados relacionados con JavaScript y APIs de Java. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29526 http://secunia.com/advisories/29541 http://secun • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones, vulnerabilidad distinta de CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-787: Out-of-bounds Write •