CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5496 – setroubleshoot log injection
https://notcve.org/view.php?id=CVE-2007-5496
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. Vulnerabilidad de ejecución de código en sitios cruzados en setroubleshoot 2.0.5, permite a usuarios locales inyectar código web oi HTMl a através de (1) un fichero o (2) un nombre de proceso, con disparadores en la entrada del fichero de registro de Access Vector Cache (AVC), durante la creación de documentos HTML para sealert • http://secunia.com/advisories/30339 http://securitytracker.com/id?1020078 http://www.redhat.com/support/errata/RHSA-2008-0061.html http://www.securityfocus.com/bid/29324 https://bugzilla.redhat.com/show_bug.cgi?id=288271 https://exchange.xforce.ibmcloud.com/vulnerabilities/42592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455 https://access.redhat.com/security/cve/CVE-2007-5496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5495 – setroubleshoot insecure logging
https://notcve.org/view.php?id=CVE-2007-5495
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. Vulnerabilidad en sealert in setroubleshoot 2.0.5, permite a los usuarios locales sobrescribir ficheros arbitrarios a través de un ataque mediate enlace simbólico en el fichero temporal sealert.log • http://secunia.com/advisories/30339 http://securitytracker.com/id?1020077 http://www.redhat.com/support/errata/RHSA-2008-0061.html http://www.securityfocus.com/bid/29320 https://bugzilla.redhat.com/show_bug.cgi?id=288221 https://exchange.xforce.ibmcloud.com/vulnerabilities/42591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705 https://access.redhat.com/security/cve/CVE-2007-5495 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 3CVE-2008-1767 – libxslt XSL 1.1.23 - File Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1767
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Vulnerabilidad de desbordamiento de búfer en pattern.c en libxslt anteriores a 1.1.24, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero de hoja de estilo XSL con una condición "transformation match" XSLT larga que dispara un número grande de pasos. • https://www.exploit-db.com/exploits/31815 http://bugzilla.gnome.org/show_bug.cgi?id=527297 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/30315 http://secunia.com/advisories/30323 http://secunia.com/advisories/30393 http://secunia.com/advisories/30521 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1944 – PVFB SDL backend chokes on bogus screen updates
https://notcve.org/view.php?id=CVE-2008-1944
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." Un desbordamiento de búfer en el backend del búfer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegación de servicio (bloqueo de SDL) y posiblemente ejecutar código arbitrario por medio de "bogus screen updates," relacionadas con la falta de comprobación del "format of messages." • http://secunia.com/advisories/29963 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29186 http://www.securitytracker.com/id?1020009 https://bugzilla.redhat.com/show_bug.cgi?id=443390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 https://access.redhat.com/security/cve/CVE-2008-1944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1943 – PVFB backend fails to validate frontend's framebuffer description
https://notcve.org/view.php?id=CVE-2008-1943
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •