CVSS: 9.3EPSS: 0%CPEs: 59EXPL: 0CVE-2010-1795
https://notcve.org/view.php?id=CVE-2010-1795
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Apple iTunes anterior a v9.1, cuando se ejecuta en Windows 7, Vista, y XP, permite a atacantes obtener privilegios a través de una DDL que es un troyano en el directorio actual de trabajo. • http://support.apple.com/kb/HT4105 http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt http://www.securityfocus.com/archive/1/513190/100/0/threaded http://www.securityfocus.com/bid/42541 https://exchange.xforce.ibmcloud.com/vulnerabilities/61223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7217 •
CVSS: 6.9EPSS: 0%CPEs: 60EXPL: 0CVE-2010-1768
https://notcve.org/view.php?id=CVE-2010-1768
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. Vulnerabilidad sin especificar en Apple iTunes anterior a v9.1 permite a usuarios locales obtener privilegios de consola a través de vectores relacionados con archivos log, "operación de archivos inseguros", y sincornizando un iPhone, iPad, o iPod touch. • http://support.apple.com/kb/HT4105 http://www.securityfocus.com/bid/42538 https://exchange.xforce.ibmcloud.com/vulnerabilities/61222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7604 •
CVSS: 9.3EPSS: 1%CPEs: 71EXPL: 0CVE-2010-1777
https://notcve.org/view.php?id=CVE-2010-1777
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. Desbordamiento de búfer en Apple iTunes en versiones anteriores a la v9.2.1 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un itpc: URL modificado. • http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html http://support.apple.com/kb/HT4263 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6988 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 24EXPL: 0CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL) • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http&# • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •