CVSS: 8.4EPSS: 2%CPEs: 8EXPL: 1CVE-2010-2498 – freetype: invalid free vulnerability with possible heap corruption
https://notcve.org/view.php?id=CVE-2010-2498
15 Jul 2010 — The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. La función psh_glyph_find_strong_points en pshinter/pshalgo.c de FreeType anterior a v2.4.0 no implementa adecuadamente mascaras sugeridas, lo cual permite a atacantes remoto... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 8EXPL: 1CVE-2010-2499 – freetype: buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2010-2499
15 Jul 2010 — Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. Desbordamiento de búfer en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.0 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o posiblemente ejecutar código a su elecci... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2010-2500 – freetype: integer overflow vulnerability in smooth/ftgrays.c
https://notcve.org/view.php?id=CVE-2010-2500
15 Jul 2010 — Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de entero en la función gray_render_span en smooth/ftgrays.c en FreeType anterior a v2.4.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un fichero fuente manipulado. Mult... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 4%CPEs: 8EXPL: 1CVE-2010-2519 – freetype: heap buffer overflow vulnerability when processing certain font files
https://notcve.org/view.php?id=CVE-2010-2519
15 Jul 2010 — Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. Desbordamiento de búfer basado en pila en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.0 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o posiblemente ej... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 8EXPL: 1CVE-2010-2520 – Debian Linux Security Advisory 2070-1
https://notcve.org/view.php?id=CVE-2010-2520
15 Jul 2010 — Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de búfer basado en la memoria dinámica en la función Ins_IUP en truetype/ttinterp.c en FreeType anterior a v2.4.0, cuando TrueType bytecode support está habilitado, permite a a atacantes remotos provocar una denegación de... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=888cd1843e935fe675cf2ac303116d4ed5b9d54b • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1637 – SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
https://notcve.org/view.php?id=CVE-2010-1637
22 Jun 2010 — The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un número de puerto POP3 modificado. A vulnerability was reported in the Squirr... • http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
02 Jun 2010 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
02 Jun 2010 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacant... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html •
CVSS: 7.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0507
https://notcve.org/view.php?id=CVE-2010-0507
30 Mar 2010 — Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. Desbordamiento de búfer en Image RAW en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PEF manipulada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0063
https://notcve.org/view.php?id=CVE-2010-0063
30 Mar 2010 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior v10.6.3 hace que sea fácil para atacantes asistidos por us... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •