
CVE-2008-1685
https://notcve.org/view.php?id=CVE-2008-1685
06 Apr 2008 — gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999) ** D... • http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •

CVE-2008-1367 – Kernel doesn't clear DF for signal handlers
https://notcve.org/view.php?id=CVE-2008-1367
17 Mar 2008 — gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058 • CWE-399: Resource Management Errors •

CVE-2007-6613 – libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6613
03 Jan 2008 — Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name. • https://www.exploit-db.com/exploits/30985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-6109
https://notcve.org/view.php?id=CVE-2007-6109
07 Dec 2007 — Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. • http://bugs.gentoo.org/show_bug.cgi?id=200297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-6130
https://notcve.org/view.php?id=CVE-2007-6130
26 Nov 2007 — gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. • http://secunia.com/advisories/27848 • CWE-287: Improper Authentication •

CVE-2007-5795 – GNU Emacs 22.1 - Local Variable Handling Code Execution
https://notcve.org/view.php?id=CVE-2007-5795
02 Nov 2007 — The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. • https://www.exploit-db.com/exploits/30736 •

CVE-2007-5377
https://notcve.org/view.php?id=CVE-2007-5377
12 Oct 2007 — The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.gentoo.org/show_bug.cgi?id=194713 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
05 Sep 2007 — Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." • https://www.exploit-db.com/exploits/30766 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-3741 – Gimp image loader multiple input validation flaws
https://notcve.org/view.php?id=CVE-2007-3741
27 Aug 2007 — The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. • http://osvdb.org/42128 • CWE-20: Improper Input Validation •

CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
25 Aug 2007 — Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 •