Page 91 of 671 results (0.012 seconds)

CVSS: 10.0EPSS: 28%CPEs: 2EXPL: 0

CVE-2008-3159 – Novell eDirectory dhost Integer Overflow Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2008-3159

Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." Desbordamiento de entero en ds.dlm, como el utilizado en dhost.exe de Novell eDirectory 8.7.3.10 anterior a 8.7.3 SP10b y 8.8 anterior a 8.8.2 ftf2, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que provocan un desbordamiento del búfer basado en pila. Relacionado con "aritmética defectuosa". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. • http://secunia.com/advisories/30938 http://securitytracker.com/id?1020431 http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858 http://www.securityfocus.com/bid/30085 http://www.vupen.com/english/advisories/2008/1999 http://www.zerodayinitiative.com/advisories/ZDI-08-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/43589 • CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2008-2931 – kernel: missing check before setting mount propagation

https://notcve.org/view.php?id=CVE-2008-2931

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. La función do_change_type en fs/namespace.c del núcleo de Linux en versiones anteriores a 2.6.22 no verifica que la persona que llama tiene la capacidad CAP_SYS_ADMIN, lo cual permite a usuarios locales conseguir privilegios o provocar una denegación de servicio mediante la modificación de las propiedades de un punto de montaje. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ee6f958291e2a768fd727e7a67badfff0b67711a http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0

CVE-2008-2812 – kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code

https://notcve.org/view.php?id=CVE-2008-2812

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://l • CWE-476: NULL Pointer Dereference •

CVSS: 9.3EPSS: 47%CPEs: 1EXPL: 1

CVE-2008-2908 – Novell iPrint Client - ActiveX Control Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-2908

Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en pila en un determinado control ActiveX de ienipp.ocx en Novell iPrint Client para Windows versiones anteriores a 4.36 permiten a atacantes remotos ejecutar código de su elección a través un valor largo de los parámetros (1) operation, (2) printer-url, o (3) target-frame. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/16508 http://secunia.com/advisories/30709 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html http://www.kb.cert.org/vuls/id/145313 http://www.securityfocus.com/bid/29736 http://www.securitytracker.com/id?1020303 http://www.vupen.com/english/advisories/2008/1837/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

CVE-2008-0925

https://notcve.org/view.php?id=CVE-2008-0925

Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz iMonitor de Novell eDirectory 8.7.3.x anterior a 8.7.3 sp10, y 8.8.x anterior a 8.8.2 ftf2; permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de parámetros no especificados que se utilizan en los "mensajes de error de la pila HTTP". • http://secunia.com/advisories/30748 http://securitytracker.com/id?1020321 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/viewContent.do?externalId=3460217&sliceId=1 http://www.securityfocus.com/bid/29782 http://www.vupen.com/english/advisories/2008/1863/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •