CVSS: 9.3EPSS: 92%CPEs: 6EXPL: 0CVE-2006-6504 – Mozilla Firefox SVG Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-6504
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos ejecutar código de su elección añadiendo un nodo DOM con un comentario SVG a otro tipo de documento, lo cual desemboca en una corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling of SVG comment objects. Firefox does not correctly handle requests to append SVG comments to elements in other types of documents. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23422 http://secunia.com/advisories& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5649
https://notcve.org/view.php?id=CVE-2006-5649
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. Vulnerabilidad sin especificar en el "manejador de excepciones del check de alineamiento" en el Ubuntu 5.10, 6.06 LTS, y 6.10 para el PowerPC (PPC) permite a usuarios locales provocar una denegación de servicio (kernel panic) mediante vectores sin especificar. • http://secunia.com/advisories/23361 http://secunia.com/advisories/23370 http://secunia.com/advisories/23384 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://www.novell.com/linux/security/advisories/2006_79_kernel.html http://www.securityfocus.com/bid/21523 http://www.ubuntu.com/usn/usn-395-1 http://www.us.debian.org/security/2006/dsa-1233 http://www.us.debian.org/security/2006/dsa-1237 •
CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 0CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia. •
CVSS: 9.3EPSS: 2%CPEs: 6EXPL: 0CVE-2006-5868 – Insufficient boundary check in ImageMagick's SGIDecode()
https://notcve.org/view.php?id=CVE-2006-5868
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Múltiples desbordamientos de búfer en Imagemagick 6.0 anterior a 6.0.6.2, y 6.2 anterior a 6.2.4.5, tiene un impacto desconocido y vectores de ataque con la complicidad del usuario a través de una imagen SGI manipulada. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://secunia.com/advisories/22998 http://secunia.com/advisories/23101 http://secunia.com/advisories/23219 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 http://www.debian.org/security/2006/dsa-1213 http://www.mandriva.com/security/advisories?name=MDKSA-2006:223 http://www.redhat.com/support/errata/RHSA-2007-0015.html http://www.securityfocus.com/bid/21185 http://www.ubun •
CVSS: 7.5EPSS: 87%CPEs: 4EXPL: 5CVE-2006-5779
https://notcve.org/view.php?id=CVE-2006-5779
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. Vulnerabilidad no especificada en el paquete openldap-2.2.29-1 de OpenLDAP en Fedora Core 4 (FC4), permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante cierta combinación de peticiones LDAP BIND que disparan un fallo de aserción. • http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz http://gleg.net/vulndisco_meta.shtml http://secunia.com/advisories/22750 http://secunia.com/advisories/22953 http://secunia.com/advisories/22996 http://secunia.com/advisories/23125 http://secunia.com/advisories/23133 http://secunia.com/advisories/23152 http://secunia.com/advisories/23170 http://security.gentoo.org/glsa/glsa-200611-25.xml http://securityreason.com/securityalert/1831 http://securitytracker.com/id?1017166 http&# • CWE-617: Reachable Assertion •