Page 67 of 382 results (0.008 seconds)

CVSS: 5.0EPSS: 17%CPEs: 14EXPL: 0

pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. El pptpgre.c en el PoPToP Point to Point Tunneling Server (pptpd)anterior al 1.3.4 permite a atacantes remotos provocar una denegación de servicio (derribo -tear-down- de la conexión PPTP) mediante (1) paquetes GRE con secuencias de números fuera de rango o (2)ciertos paquetes GRE que son procesados utilizando un puntero erróneo y quitado de la cola incorrectamente. • http://secunia.com/advisories/25220 http://secunia.com/advisories/25255 http://secunia.com/advisories/26987 http://security.gentoo.org/glsa/glsa-200705-18.xml http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827 http://www.debian.org/security/2007/dsa-1288 http://www.novell.com/linux/security/advisories/2007_10_sr.html http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.securityfocus.com/bid/23886 http://www.securitytracker.c •

CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 2

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. La función in_decimal::set en el archivo item_cmpfunc.cc en mySQL versiones anteriores a 5.0.40, y versiones 5.1 anteriores a 5.1.18-beta, permite a atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) por medio de una cláusula IF especialmente diseñada que resulta en un error de división por cero y una desreferencia del puntero NULL. MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability. • https://www.exploit-db.com/exploits/30020 http://bugs.mysql.com/bug.php?id=27513 http://lists.mysql.com/commits/23685 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html http://secunia.com/advisories/25188 http://secunia.com/advisories/25196 http://secunia.com/advisories/25255 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advis •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. Desbordamiento de búfer en la librería libxmlrpc incluida en PHP anterior a 4.4.7, y 5.x anterior a 5.2.2, tiene impacto y vectores de ataque remotos desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/34674 http://secunia.com/advisories/25187 http://secunia.com/advisories/25191 http://secunia.com/advisories/25255 http://secunia.com/advisories/25445 http://secunia.com/advisories/25660 http://secunia.com/advisories/25938 http://secunia.com/advisories/25945 http://secunia.com/advisories/26048 http://secunia.com/advisories/26102 http://secunia.com/advisories/27377 http://security.gent • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. Un error en la propiedad signedness de enteros en el emulador NE2000 en QEMU versión 0.8.2, tal y como es usado en Xen y posiblemente otros productos, permite a usuarios locales desencadenar un desbordamiento de búfer en la región heap de la memoria por medio de ciertos valores de registro que omiten las comprobaciones de saneamiento, también se conoce como error en la propiedad signedness de enteros "receive" de QEMU NE2000. NOTA: este identificador fue usado inadvertidamente por algunas fuentes para cubrir múltiples problemas que fueron etiquetados como "NE2000 network driver and the socket code”, pero se han creado identificadores separados para las vulnerabilidades individuales ya que existen algunas veces diferentes correcciones; consulte CVE-2007-5729 y CVE-2007-5730. • http://osvdb.org/35495 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27072 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://securitytracker.com/id?1018761 http://taviso.decsystem.org/virtsec.pdf http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.debian.org/security/2007/dsa-1284 http://w •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. QEMU 0.8.2 permite a usuarios locales colgar una máquina virtual mediante el operando divisor en la instrucción aam, como se ha demostrado "aam 0x0", la cual dispara un error de división por cero. • http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html http://osvdb.org/35498 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/29129 http://taviso.decsystem.org/virtsec.pdf http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.securityfocus.com/bid/23731 http://www.v •