Page 502 of 2946 results (0.024 seconds)

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 1

CVE-2007-5901 – krb5: use-after-free in gssapi lib

https://notcve.org/view.php?id=CVE-2007-5901

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2007-5971 – krb5: double free in gssapi lib

https://notcve.org/view.php?id=CVE-2007-5971

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Una vulnerabilidad de doble liberación en la función gss_krb5int_make_seal_token_v3 en la biblioteca lib/gssapi/krb5/k5sealv3.c en MIT Kerberos 5 (krb5), presenta un impacto desconocido y vectores de ataques. • http://bugs.gentoo.org/show_bug.cgi?id=199212 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43345 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 13%CPEs: 1EXPL: 3

CVE-2007-6165 – Apple Mail.app - Image Attachment Command Execution

https://notcve.org/view.php?id=CVE-2007-6165

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Mail en Apple Mac OS X Leopard (versión 10.5.1), permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo adjunto AppleDouble que contiene un tipo de archivo y un script aparentemente seguros en una bifurcación de recursos, que no advierte al usuario que un programa separado va a ser ejecutado NOTA: este es un error de regresión relacionado con CVE-2006-0395. • https://www.exploit-db.com/exploits/16870 https://www.exploit-db.com/exploits/30781 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27785 http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.heise-security.co.uk/news/99257 http://www.kb.cert.org/vuls/id/433819 http://www.securityfocus.com/bid/26510 http://www.us-cert.gov/ • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 96%CPEs: 40EXPL: 8

CVE-2007-6166 – Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)

https://notcve.org/view.php?id=CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Un desbordamiento de búfer en la región stack de la memoria en Apple QuickTime anterior a la versión 7.3.1, como es usado en QuickTime Player en Windows XP y Safari en Mac OS X, permite a servidores remotos de Real Time Streaming Protocol (RTSP) ejecutar código arbitrario por medio de una respuesta RTSP con un encabezado Content-Type largo. • https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/16873 https://www.exploit-db.com/exploits/6013 https://www.exploit-db.com/exploits/4657 https://www.exploit-db.com/exploits/4664 https://www.exploit-db.com/exploits/4651 https://www.exploit-db.com/exploits/11027 https://www.exploit-db.com/exploits/16424 http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0

CVE-2007-4703

https://notcve.org/view.php?id=CVE-2007-4703

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. El Firewall de Aplicación en Apple Mac OS X versión 10.5, no previene a un proceso de root de aceptar conexiones entrantes, incluso cuando ha sido establecido "Block incoming connections" para su ejecutable asociado, lo que podría permitir a atacantes remotos o procesos de root locales omitir las restricciones de acceso previstas. • http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26460 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38479 •