CVE-2008-3832 – Linux Kernel (Fedora 8/9) - 'utrace_control' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2008-3832
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
• https://www.exploit-db.com/exploits/32451
• http://kerneloops.org/oops.php?number=56705
• http://www.openwall.com/lists/oss-security/2008/10/02/1
• http://www.securityfocus.com/bid/31536
• https://bugzilla.redhat.com/show_bug.cgi?id=464883
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45644
• CWE-399: Resource Management Errors
CVE-2008-3969
https://notcve.org/view.php?id=CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
• http://secunia.com/advisories/31690
• http://secunia.com/advisories/31991
• http://security.gentoo.org/glsa/glsa-200809-14.xml
• http://www.bitlbee.org/main.php/changelog.html
• http://www.bitlbee.org/main.php/news.r.html
• http://www.openwall.com/lists/oss-security/2008/09/08/1
• http://www.openwall.com/lists/oss-security/2008/09/09/11
• http://www.securityfocus.com/bid/31342
• https://bugzilla.redhat.com/show_bug.cgi?id=461424
• https://exchange.xforce.ibmcloud.com/vulnerab
CVE-2008-3282 – openoffice.org: numeric truncation error in memory allocator (64bit)
https://notcve.org/view.php?id=CVE-2008-3282
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
• http://secunia.com/advisories/31640
• http://secunia.com/advisories/31646
• http://secunia.com/advisories/31778
• http://securitytracker.com/id?1020764
• http://www.openoffice.org/issues/show_bug.cgi?id=92217
• http://www.redhat.com/support/errata/RHSA-2008-0835.html
• http://www.securityfocus.com/bid/30866
• http://www.vupen.com/english/advisories/2008/2449
• https://bugzilla.redhat.com/show_bug.cgi?id=455867
• https://bugzilla.redhat.com/show_bug.cgi?id=458056
• https://exchange.xforce
• CWE-681: Incorrect Conversion between Numeric Types
CVE-2008-2951
https://notcve.org/view.php?id=CVE-2008-2951
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
• http://holisticinfosec.org/content/view/72/45
• http://secunia.com/advisories/31314
• http://trac.edgewall.org/wiki/ChangeLog
• http://www.osvdb.org/46513
• http://www.securityfocus.com/bid/30402
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2008-3252
https://notcve.org/view.php?id=CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
• http://secunia.com/advisories/31080
• http://secunia.com/advisories/31307
• http://www.debian.org/security/2008/dsa-1622
• http://www.securityfocus.com/bid/30231
• https://bugzilla.redhat.com/show_bug.cgi?id=454483
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43844
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer