CVE-2012-4415 – libguac - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-4415
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. Desbordamiento de bufer basado en pila en la función guac_client_plugin_open en libguac en Guacamole antes de v0.6.3, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de un nombre de protocolo largo. • https://www.exploit-db.com/exploits/37788 http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html http://www.openwall.com/lists/oss-security/2012/09/11/3 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0049
https://notcve.org/view.php?id=CVE-2012-0049
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. OpenTTD versiones anteriores a 1.1.5, contiene una Denegación de Servicio (ataque de lectura lenta) que impide que los usuarios se unan al servidor. • http://security.openttd.org/en/CVE-2012-0049 http://www.debian.org/security/2012/dsa-2524 http://www.openwall.com/lists/oss-security/2012/01/13/9 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049 https://security-tracker.debian.org/tracker/CVE-2012-0049 • CWE-400: Uncontrolled Resource Consumption •
CVE-2012-2095 – WICD 1.7.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-2095
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. La función SetWiredProperty en la interfaz D-Bus en WICD anterior a 1.7.2 permite a usuarios locales escribir ajustes de configuración arbitrarios y ganar privilegios a través de un nombre de propiedad manipulado en un mensaje dbus. • https://www.exploit-db.com/exploits/18733 http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079025.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079029.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079055.html http://secunia.com/advisories/48759 http://secunia.com/advisories/49657 http://www • CWE-20: Improper Input Validation •
CVE-2011-4088 – abrt: may leak some personal information to bugzilla with some certain applications
https://notcve.org/view.php?id=CVE-2011-4088
ABRT might allow attackers to obtain sensitive information from crash reports. ABRT podría permitir a atacantes obtener información confidencial de los reportes de fallos. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html https://exchange.xforce.ibmcloud.com/vulnerabilities/71871 https://access.redhat.com/security/cve/CVE-2011-4088 https://bugzilla.redhat.com/show_bug.cgi?id=749854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-1149 – libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
https://notcve.org/view.php?id=CVE-2012-1149
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un objeto de imagen especificamente modificado para este fin incrustado en el documento, tal y como lo demuestra una imagen JPEG en un archivo .DOC, que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html http://rhn.redhat.com/errata/RHSA-2012-0705.html http://secunia.com/advisories/46992 http://secunia.com/advisories/47244 http://secunia.com/advisories/49140 http://secunia.com/advisories/49373 http://secunia.com/advisories/49392 http://secunia.com/advisories/50692 h • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •