CVSS: 9.8EPSS: 80%CPEs: 6EXPL: 3CVE-2010-0211 – OpenLDAP 2.4.22 - 'modrdn' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. La función slap_modrdn2mods en modrdn.c en OpenLDAP v2.4.22 no comprueba el valor de retorno de la llamada a la función smr_normalize, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y posiblemente ejecución de comandos de su elección a través de una llamada a modrdn call con una cadena RDN que contenga secuencias UTF-8 inválidas, lo que provocará la liberación de un puntero no válido ni inicializado en la función slap_mods_free, como se demostró usando la suite de test Codenomicon LDAPv3. • https://www.exploit-db.com/exploits/34348 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40639 http://secunia.com/advisories/40677 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 http://security.gentoo.org/glsa/glsa-201406-36.xml http://support.apple.com/kb/H • CWE-252: Unchecked Return Value •
CVSS: 10.0EPSS: 13%CPEs: 14EXPL: 1CVE-2010-2753 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. Un desbordamiento de enteros en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a atacantes remotos ejecutar código arbitrario por medio de un atributo de selección grande en un elemento del árbol XUL, lo que desencadena un uso de la memoria previamente liberada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL <tree> element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://www.mozilla.org/security/announce/2010/mfsa2010-40.html http://www.securityfocus.com/archive/1/512510 http://www.securityfocus.com/bid/41853 http://www.zerodayinitiative.com/advisories/ZDI-10-131 https://bugzilla.mozilla.org/show_bug.cgi?id=571106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 https://access.redhat.com/security/cve/CVE-2010-2753 https://bugzilla • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 6.5EPSS: 2%CPEs: 24EXPL: 0CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL) • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http&# • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2010-2297
https://notcve.org/view.php?id=CVE-2010-2297
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. rendering/FixedTableLayout.cpp en WebCore en WebKit en Google Chrome anterior a v5.0.375.70, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de un documento HTML que contiene un atributo "colspan" largo dentro de una tabla. • http://code.google.com/p/chromium/issues/detail?id=42723 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40072 http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11434 • CWE-94: Improper Control of Generation of Code ('Code Injection') •