CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2008-3138 – wireshark: unexpected exit in the PANA and KISMET dissectors
https://notcve.org/view.php?id=CVE-2008-3138
10 Jul 2008 — The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. Los analizadores (1) PANA y (2) KISMET en Wireshark (conocido como Ethereal) de la 0.99.3 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (parada de aplicación) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2008-3139
https://notcve.org/view.php?id=CVE-2008-3139
10 Jul 2008 — The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. El analizador RTMPT en Wireshark (anteriormente Ethereal) 0.99.8 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. NOTA: esto puede ser debido a un eror "user-after-free" (uso después de liberación). • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2008-1078
https://notcve.org/view.php?id=CVE-2008-1078
29 Feb 2008 — expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. expn en los paquetes am-utils y net-fs para Gentoo, rPath Linux y otras distribuciones, permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de tipo symlink en el archivo temporal expn[PID]. NOTA: este es el mismo problema de CVE-2003-0308.1. • http://bugs.gentoo.org/show_bug.cgi?id=210158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 10%CPEs: 88EXPL: 2CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
28 Feb 2008 — Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcsp... • https://www.exploit-db.com/exploits/31309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 11%CPEs: 51EXPL: 0CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
07 Nov 2007 — Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. Multi... • ftp://aix.software.ibm.com/aix/efixes/security/README • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5686
https://notcve.org/view.php?id=CVE-2007-5686
28 Oct 2007 — initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. initscripts en el rPath Linux 1 establece permisos inseguros para el fichero /var/log/btmp, lo que permite a usuarios locales obtener información sensible respecto... • http://secunia.com/advisories/27215 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 0CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
25 Aug 2007 — Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de salto de directorio en la función contains_dot_dot de src/names.c en GNU tar permite a atacantes remotos con la complicidad del usuario sobre-escribir ficheros de su elección mediante determinadas secuencias //.. (barra barra punto punto) en los... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2007-4029 – Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
https://notcve.org/view.php?id=CVE-2007-4029
26 Jul 2007 — libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. libvorbis 1.1.2, y posiblemente otras versiones anteriores a 1.2.0, permite a atacantes dependientes del contexto provocar denegación de servicio a travñes de (1) un tipo de ... • http://secunia.com/advisories/24923 •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2007-3106 – libvorbis array boundary condition
https://notcve.org/view.php?id=CVE-2007-3106
26 Jul 2007 — lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors. En la biblioteca lib/info.c en libvorbis versión 1.1.2, y posiblemente otras versiones anteriores a 1.2.0, permite a los atacante... • http://secunia.com/advisories/24923 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 7%CPEs: 45EXPL: 0CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1351
06 Apr 2007 — Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un de... • http://issues.foresightlinux.org/browse/FL-223 • CWE-189: Numeric Errors •