CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3100 – dos flaws in open-iscsi (CVE-2007-3100)
https://notcve.org/view.php?id=CVE-2007-3100
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. usr/log.c en iscsid en open-iscsi (iscsi-initiator-utils) anterior a 2.0-865 utiliza un semáforo con permisos no seguros (world-writable/world-readable) para gestionar los mensajes de log utilizando memoria compartida, lo cual permite a usuarios locales provocar denegación de servicio (cuelgue) tomando el semáforo. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 http://osvdb.org/37270 http://secunia.com/advisories/25679 http://secunia.com/advisories/25749 http://secunia.com/advisories/26438 http://secunia.com/advisories/26543 http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html http://svn.berlios.de/viewcvs/open-iscsi?rev=858&view=rev http://www.debian.org/security/2007/dsa-1314 http://www.novell.com/linux/security/advisories/2007_17_sr.html http:/& •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2007-0771 – Tracing execution of a threaded executable causes kernel BUG report
https://notcve.org/view.php?id=CVE-2007-0771
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. El soporte utrace en el kernel de Linux versión 2.6.18 y otras versiones, permite a usuarios locales causar una denegación de servicio (bloqueo de sistema) relacionado con el "MT exec + utrace_attach spin failure mode," como es demostrado por el archivo ptrace-thrash.c. • http://osvdb.org/35927 http://secunia.com/advisories/25080 http://securitytracker.com/id?1017979 http://www.redhat.com/support/errata/RHSA-2007-0169.html http://www.securityfocus.com/bid/23720 https://bugzilla.redhat.com/show_bug.cgi?id=227952 https://bugzilla.redhat.com/show_bug.cgi?id=228816 https://exchange.xforce.ibmcloud.com/vulnerabilities/34128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9447 https://access.redhat.com/security/cve/ •
CVSS: 8.5EPSS: 5%CPEs: 45EXPL: 0CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2007-0998 – HVM guest VNC server allows compromise of entire host OS by any VNC console user
https://notcve.org/view.php?id=CVE-2007-0998
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. La implementación del servidor VNC en QEMU, como es usada por Xen y posiblemente otros entornos, permite a usuarios locales de un sistema operativo invitado leer archivos arbitrarios en el sistema operativo host por medio de vectores no especificados relacionados con el modo de monitoreo de QEMU, como es demostrado al mapear archivos hacia un dispositivo CDROM. NOTA: algunos de estos detalles son obtenidos a partir de información de terceros. • http://fedoranews.org/cms/node/2802 http://fedoranews.org/cms/node/2803 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://osvdb.org/34304 http://rhn.redhat.com/errata/RHSA-2007-0114.html http://secunia.com/advisories/24575 http://secunia.com/advisories/51413 http://www.securityfocus.com/bid/22967 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2007-0980
https://notcve.org/view.php?id=CVE-2007-0980
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. Vulnerabilidad no especificada en HP Serviceguard para Linux; empaquetado para SuSE SLES8 y United Linux 1.0 versiones anteriores a SG A.11.15.07, SuSE SLES9 y SLES10 versiones anteriores a SG A.11.16.10, y Red Hat Enterprise Linux (RHEL) versiones anteriores a SG A.11.16.10; permite a atacantes remotos obtener acceso no autorizado mediante vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00860750 http://osvdb.org/33201 http://secunia.com/advisories/24134 http://www.securityfocus.com/bid/22574 http://www.securitytracker.com/id?1017655 http://www.vupen.com/english/advisories/2007/0619 •