CVSS: 9.8EPSS: 3%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
18 Jan 2008 — The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones,... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 88%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6206 – Issue with core dump owner
https://notcve.org/view.php?id=CVE-2007-6206
04 Dec 2007 — The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. La función do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de núcleo si ést... • http://bugzilla.kernel.org/show_bug.cgi?id=3043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 48EXPL: 0CVE-2007-5197
https://notcve.org/view.php?id=CVE-2007-5197
02 Nov 2007 — Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. El desbordamiento de búfer en la clase Mono.Math.BigInteger en Mono versión 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar código arbitrario por medio de vectores no específicos relacionados a Reduce en métodos Pow basados en Montgomery. • http://bugs.gentoo.org/attachment.cgi?id=134361&action=view • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5729
https://notcve.org/view.php?id=CVE-2007-5729
30 Oct 2007 — The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. El emulador NE2000 en QEMU 0.8.2 permite a usuarios local... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5200
https://notcve.org/view.php?id=CVE-2007-5200
14 Oct 2007 — hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. hugin, tal como se utiliza en varios sistemas operativos, incluyendo SUSE openSUSE versión 10.2 y versión 10.3, permite a los usuarios locales sobrescribir archivos arbitrarios mediante un ataque de symlink en el archivo temporal hugin_debug_optim_results.txt. • http://osvdb.org/42224 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1320 – xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow
https://notcve.org/view.php?id=CVE-2007-1320
02 May 2007 — Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. Múltiples desbordamientos de búfer en la región heap de la memoria en la función cirrus_invalidate_region en la extensión Cirrus VGA en QEMU versión 0.8.2, como es usado en Xen y... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html • CWE-787: Out-of-bounds Write •