CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5159
https://notcve.org/view.php?id=CVE-2007-5159
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. El paquete ntfs-3g anterior a 1.913-2.fc7 en Fedora 7, y en el paquete kntfs-3g package en Ubuntu 7.10/Gutsy, asigna de forma incorrecta los permisos (setuid root) en mount.ntfs-3g, el cual permite a usuarios locales siendo miembros de fuse leer y escribir dispositivos de bloque de su elección, posiblemente afectando a un descriptor de fichero débil. • http://secunia.com/advisories/26938 https://bugzilla.redhat.com/show_bug.cgi?id=298651 https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila". • https://www.exploit-db.com/exploits/30766 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://secunia.com/advisories/26674 http://secunia.com/advisories/26987 http://secunia.com/advisories/27331 http://secunia.com/advisories/27453 http://secunia.com/advisories/27514 http://secunia.com/advisories/27681 http://secunia.com/advisories/27857 http:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-4657
https://notcve.org/view.php?id=CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (contenido de memoria) o provocar denegación de servicio (caida de hilo) a través de un valor de len grande en la función (1) strspn o (2) strcspn, lo cual dispara un lectura fuera de límite. NOTA: estos afecta a diferentes versiones de producto que al CVE-2007-3996. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://secunia.com/advisories/28318 http://secunia.com/advisories/28936 http://secunia.com/advisories/30288 http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability http://slackware.com/security/viewer.php?l=slackware& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2007-3998 – php floating point exception inside wordwrap
https://notcve.org/view.php?id=CVE-2007-3998
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación o bucle infinito) a través de ciertos argumentos, como lo demostrado con el establecimiento del argumento 'chr(0), 0, ""'. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a través de cabeceras de datos manipulados que disparan una sobre-lectura de búfer. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/200 • CWE-125: Out-of-bounds Read •