Page 66 of 382 results (0.021 seconds)

CVSS: 7.8EPSS: 10%CPEs: 20EXPL: 0

CVE-2007-2833

https://notcve.org/view.php?id=CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. Emacs 21 permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) a través de ciertas imágenes modificadas, como lo demostrado a través de imágenes GIF en el modo vm, relacionado con el cálculo del tamaño de la imagen. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929 http://secunia.com/advisories/26987 http://www.debian.org/security/2007/dsa-1316 http://www.mandriva.com/security/advisories?name=MDKSA-2007:133 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.securityfocus.com/bid/24570 http://www.securitytracker.com/id?1018277 http://www.ubuntu.com/usn/usn-504-1 https://issues.rpath.com/browse/RPL-1490 •

CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0

CVE-2007-3278 – dblink allows proxying of database connections via 127.0.0.1

https://notcve.org/view.php?id=CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 y probablemente versiones posteriores, cuando la autenticación de confianza local está habilitada y la librería de enlace a base de datos (Database Link Library (dblink) está instalada, permite a atacantes remotos acceder a cuentas de su elección y ejecutar peticiones SQL mediante un parámetro host de dblink que hace de proxy de la conexión desde 127.0.0.1. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://osvdb.org/40899 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/29638 http://security.gentoo.org/glsa/glsa-200801-15.xml h • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0

CVE-2007-2691 – mysql DROP privilege not enforced when renaming tables

https://notcve.org/view.php?id=CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. MySQL anterior a 4.1.23, 5.0.x anterior a 5.0.42, y 5.1.x anterior a 5.1.18 no requiere el privilegio DROP para sentencias RENAME TABLE, lo cual permite a usuarios autenticados remotamente renombrar tablas de su elección. • http://bugs.mysql.com/bug.php?id=27515 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34766 http://secunia.com/advisories/25301 http://secunia.com/advisories/25946 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia. •

CVSS: 7.2EPSS: 13%CPEs: 8EXPL: 0

CVE-2007-2444

https://notcve.org/view.php?id=CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. Error lógico en la funcionalidad de traducción SID/Name en smbd en Samba 3.0.23d hasta 3.0.25pre2 permite a usuarios locales ganar privilegios de forma temporal y ejecutar operaciones del protocolo SMB/CIFS a través de vectores no especificados que provocan que el demonio transite al usuario root. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html http://osvdb.org/34698 http://secunia.com/advisories/25232 http://secunia.com/advisories/25241 http://secunia.com/advisories/25246 http://secunia.com/advisories/25251 http://secunia.com/advisories/25255 http://secunia.com/advisories/25256 http://secunia.com/advisories/25259 http://secunia.com/advisories/25270 http • CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0

CVE-2007-2650

https://notcve.org/view.php?id=CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. El analazidor sintáctico OLE2 en Clam AntiVirus (ClamAV) permite a atacantes remotos provocar denegación de servicio (consumo de recursos) a través de un archivo OLE2 con (1)un tamaño grande de la propiedad o (2) un bucle en la cadena del bloque del archivo del FAT que dispara un bucle infinito, como se demostró a través de un archivo DOC manipulado. • http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853 http://kolab.org/security/kolab-vendor-notice-15.txt http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html http://secunia.com/advisories/25244 http://secunia.com/advisories/25523 http://secunia.com/advisories/25525 http://secunia.com/advisories/25553 http://secunia.com/advisories/25558 http://secunia.com/advisories/25688 http://secunia.com/advisories/25796 http://security.gentoo.org/glsa/glsa-200706& • CWE-400: Uncontrolled Resource Consumption •