CVSS: 8.5EPSS: 5%CPEs: 45EXPL: 0CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 17%CPEs: 11EXPL: 0CVE-2007-1463
https://notcve.org/view.php?id=CVE-2007-1463
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Vulnerabilidad en el formato de cadena en el Inkscape anterior al 0.45.1 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante especificadores del formato de cadena en una URI,lo que no es manejado correctamente mediante ciertos diálogos. • http://secunia.com/advisories/24584 http://secunia.com/advisories/24597 http://secunia.com/advisories/24615 http://secunia.com/advisories/24661 http://secunia.com/advisories/24859 http://secunia.com/advisories/25072 http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:069 http://www.novell.com/linux/security/advisories/2007_8_sr.html h •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5877
https://notcve.org/view.php?id=CVE-2006-5877
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. La extensión enigmail anterior 0.94.2 no maneja adecuadamente los ficheros adjuntos encriptados al e-mail, lo cual permite a atacantes remotos provocar denegación de servicio (caida), como se demostró con Mozilla Thunderbird. • http://bugzilla.mozdev.org/show_bug.cgi?id=9730 http://enigmail.mozdev.org/changelog.html#enig0.94.2 http://www.securityfocus.com/bid/22684 http://www.ubuntu.com/usn/usn-427-1 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5648
https://notcve.org/view.php?id=CVE-2006-5648
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. Ubuntu Linux 6.10 para PowerPC (PPC) permite a usuarios locales provocar una denegación de servicio (consumo de recursos) utilizando las funciones (1) sys_get_robust_list y (2) sys_set_robust_list para crear procesos que no pueden ser eliminados. • http://secunia.com/advisories/23361 http://secunia.com/advisories/23384 http://secunia.com/advisories/23474 http://www.novell.com/linux/security/advisories/2006_79_kernel.html http://www.securityfocus.com/bid/21582 http://www.ubuntu.com/usn/usn-395-1 •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5649
https://notcve.org/view.php?id=CVE-2006-5649
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. Vulnerabilidad sin especificar en el "manejador de excepciones del check de alineamiento" en el Ubuntu 5.10, 6.06 LTS, y 6.10 para el PowerPC (PPC) permite a usuarios locales provocar una denegación de servicio (kernel panic) mediante vectores sin especificar. • http://secunia.com/advisories/23361 http://secunia.com/advisories/23370 http://secunia.com/advisories/23384 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://www.novell.com/linux/security/advisories/2006_79_kernel.html http://www.securityfocus.com/bid/21523 http://www.ubuntu.com/usn/usn-395-1 http://www.us.debian.org/security/2006/dsa-1233 http://www.us.debian.org/security/2006/dsa-1237 •