Mandrakesoft: >> Mandrake Linux >> 2007 Security Vulnerabilities
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
CVSS Score
5.0
EPSS Score
0.074
Published
2007-03-20
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
CVSS Score
5.0
EPSS Score
0.054
Published
2007-03-20
Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.
CVSS Score
5.0
EPSS Score
0.066
Published
2007-03-20
The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.
CVSS Score
7.8
EPSS Score
0.039
Published
2007-03-20
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2001-06-27
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
CVSS Score
5.0
EPSS Score
0.12
Published
2000-07-04
Page 2