CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
• ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-193: Off-by-one Error
CVE-2007-3739 – LTC36188-Don't allow the stack to grow into hugetlb reserved regions
https://notcve.org/view.php?id=CVE-2007-3739
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
• http://lkml.org/lkml/2007/1/29/180 http://secunia.com/advisories/23955 http://secunia.com/advisories/26760 http://secunia.com/advisories/26955 http://secunia.com/advisories/26978 http://secunia.com/advisories/27436 http://secunia.com/advisories/27747 http://secunia.com/advisories/27913 http://secunia.com/advisories/29058 http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm http://www.debian.org/security/2007/dsa-1378 http://www.debian.org/security/2008
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-399: Resource Management Errors
CVE-2007-3849 – Rebase aide to 0.13.1
https://notcve.org/view.php?id=CVE-2007-3849
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
• http://osvdb.org/40439 http://secunia.com/advisories/26711 http://www.redhat.com/support/errata/RHSA-2007-0539.html http://www.securityfocus.com/bid/25542 http://www.securitytracker.com/id?1018652 https://bugzilla.redhat.com/show_bug.cgi?id=236923 https://exchange.xforce.ibmcloud.com/vulnerabilities/36452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10217 https://access.redhat.com/security/cve/CVE-2007-3849
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26573 http://secunia.com/advisories/26590 http://secunia.com/advisories/26603 http://secunia.com/advisories/26604 http://secunia.com/advisories/26655 http://secunia.com/advisories/26673 http://secunia.com/advisories/26674 http://secunia.com/advisories/26781 http:
CVE-2007-3099 – dos flaws in open-iscsi (CVE-2007-3100)
https://notcve.org/view.php?id=CVE-2007-3099
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 http://osvdb.org/37269 http://secunia.com/advisories/25679 http://secunia.com/advisories/25749 http://secunia.com/advisories/26438 http://secunia.com/advisories/26543 http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html http://svn.berlios.de/viewcvs/open-iscsi?rev=857&view=rev http://www.debian.org/security/2007/dsa-1314 http://www.novell.com/linux/security/advisories/2007_17_sr.html http:/&