CVSS: 7.1EPSS: 1%CPEs: 358EXPL: 1CVE-2009-0778 – kernel: rt_cache leak leads to lack of network connectivity
https://notcve.org/view.php?id=CVE-2009-0778
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Caché de Destino (alias DST) en alguna situación que involucra transmisión de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegación de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a "rt_cache leak." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 http://openwall.com/lists/oss-security/2009/03/11/2 http://secunia.com/advisories/33758 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 http://www.redhat.com/support/errata/RHSA-2009-0326.html http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34084 http:/&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/3172 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1944 – PVFB SDL backend chokes on bogus screen updates
https://notcve.org/view.php?id=CVE-2008-1944
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." Un desbordamiento de búfer en el backend del búfer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegación de servicio (bloqueo de SDL) y posiblemente ejecutar código arbitrario por medio de "bogus screen updates," relacionadas con la falta de comprobación del "format of messages." • http://secunia.com/advisories/29963 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29186 http://www.securitytracker.com/id?1020009 https://bugzilla.redhat.com/show_bug.cgi?id=443390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 https://access.redhat.com/security/cve/CVE-2008-1944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1943 – PVFB backend fails to validate frontend's framebuffer description
https://notcve.org/view.php?id=CVE-2008-1943
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •