CVE-2010-1866 – PHP 5.3 - 'PHP_dechunk()' HTTP Chunked Encoding Integer Overflow
https://notcve.org/view.php?id=CVE-2010-1866
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. El filtro dechunk en PHP 5.3 hasta v.5.3.2, cuando se decodifica un cadena HTTP fragmentada, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posiblemente una corrupción de memoria mediante un tamaño de fragmento negativo, lo que evita la comparación de signo, relativo a un desbordamiento de entero en el decodificados de tamaño del fragmento. • https://www.exploit-db.com/exploits/33920 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html • CWE-190: Integer Overflow or Wraparound •
CVE-2010-0840 – Oracle JRE Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23 y 1.4.2_25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Marzo 2010. • https://www.exploit-db.com/exploits/16297 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http:/ •
CVE-2010-0050 – Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0050
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. Vulnerabilidad uso después de la liberación (use-after-free) en Apple Safari anterior v4.0.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un documento HTML con etiquetas inadecuadamente anidadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callback pointer during the destruction of a particular type of element when embedded inside a 'blink' container. The application dereferences the original resource which can can be leveraged by an attacker to execute arbitrary code under the context of the current user. • https://www.exploit-db.com/exploits/12425 http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http: • CWE-416: Use After Free •
CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. La función png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representación descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicación) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del método de decompresión con datos con muchas ocurrencias del mismo caracter, en relación con un ataque "decompression bomb" (bomba de descompresión). • http://libpng.sourceforge.net/ADVISORY-1.4.1.html http://libpng.sourceforge.net/decompression_bombs.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html http:/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2010-0299
https://notcve.org/view.php?id=CVE-2010-0299
openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. openSUSE 11.2 instala el directorio principal de devmpfs con permisos inseguros (1777), lo que permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •