CVSS: 10.0EPSS: 45%CPEs: 10EXPL: 1CVE-2010-0050 – Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0050
12 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. Vulnerabilidad uso después de la liberación (use-after-free) en Apple Safari anterior v4.0.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un documento HTML con etiquetas inadecuadamente anidadas. This vulnerabil... • https://www.exploit-db.com/exploits/12425 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 8%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
03 Mar 2010 — The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "de... • http://libpng.sourceforge.net/ADVISORY-1.4.1.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
03 Mar 2010 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability ex... • http://cups.org/articles.php?L596 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 1CVE-2010-0650 – Mandriva Linux Security Advisory 2011-039
https://notcve.org/view.php?id=CVE-2010-0650
18 Feb 2010 — WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. WebKit, usado en Google Chrome, anterior a v4.0.249.78 y Apple Safari, permite a atacantes remotos evitar las restricciones destinadas a ventanas emergentes mediante el uso de un evento de clic de ratón manipulado. Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in web... • http://code.google.com/p/chromium/issues/detail?id=3275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
18 Feb 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2010-0623 – Ubuntu Security Notice 914-1
https://notcve.org/view.php?id=CVE-2010-0623
15 Feb 2010 — The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. La función futex_lock_pi en kernel/futex.c en el kernel de Linux anterior a 2.6.33-rc7 no maneja adecuadamente determinadas cuentas de referencia, lo que permite a usuarios locales provocar una denegación de servicio (OOPS) a través de vectores que involucran ... • http://bugzilla.kernel.org/show_bug.cgi?id=14256 •
CVSS: 9.3EPSS: 42%CPEs: 7EXPL: 0CVE-2009-3301 – OpenOffice.org Word sprmTDefTable Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3301
15 Feb 2010 — Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Desbordamiento de enteros en filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de una tabla modificadora ... • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2010-0410 – kernel: OOM/crash in drivers/connector
https://notcve.org/view.php?id=CVE-2010-0410
15 Feb 2010 — drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. drivers/connector/connector.c en el Kernel de Linux anterior a la v2.6.32.8 permite a usuarios locales provocar una denegación de servicio (consumo de memoria y caída del sistema) enviando muchos mensajes NETLINK_CONNECTOR al Kernel. Mathias Krause discovered that the Linux kernel did not correctly handl... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f98bfbd78c37c5946cc53089da32a5f741efdeb7 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 42%CPEs: 7EXPL: 0CVE-2009-3302 – OpenOffice.org Word sprmTSetBrc Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3302
15 Feb 2010 — filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicacion) o probablemente ejecutar código de su elección a través de una tabla modificadora de propiedade... • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0136 – Debian Linux Security Advisory 1995-1
https://notcve.org/view.php?id=CVE-2010-0136
15 Feb 2010 — OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. OpenOffice.org (OOo) V2.0.4, V2.4.1, y v3.1.1 no refuerza adecuadamente la configuración de la macro de seguridad de Visual Basic para Aplicaciones (VBA), lo que permite a atacantes remotos correr macros de su elección a través de un documento manipulado. OpenOffice suffers from multiple vulnerabiliti... • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •