CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. La función png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representación descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicación) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del método de decompresión con datos con muchas ocurrencias del mismo caracter, en relación con un ataque "decompression bomb" (bomba de descompresión). • http://libpng.sourceforge.net/ADVISORY-1.4.1.html http://libpng.sourceforge.net/decompression_bombs.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html http:/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relativos a la función nsBlockFrame::StealFrame en layout/generic/nsBlockFrame.cpp, ay otros vectores no específicos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242& •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 2CVE-2010-0307 – Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
https://notcve.org/view.php?id=CVE-2010-0307
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. La función load_elf_binary en fs/binfmt_elf.c en el kernel de Linux en versiones anteriores a v2.6.32.8 en plataformas x86_64 no asegura que el interprete ELF este disponible antes de una llamada a la macro SET_PERSONALITY, lo que permite a usuarios locales producir una denegación de servicio (caída del sistema) a través de una aplicación de 32 bits que intenta ejecutar una aplicación de 64 bits que inicia un fallo de segmentación, como se demuestra con amd64_killer, relacionado con la función flush_old_exec. • https://www.exploit-db.com/exploits/33585 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://marc.info/?l=linux-mm&m=126466407724382&w=2 http://marc.info/?t=126466700200002&r=1&w=2 http://secunia.com/advisories/38492 http://secunia.com/advisories/38779 •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2010-0410 – kernel: OOM/crash in drivers/connector
https://notcve.org/view.php?id=CVE-2010-0410
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. drivers/connector/connector.c en el Kernel de Linux anterior a la v2.6.32.8 permite a usuarios locales provocar una denegación de servicio (consumo de memoria y caída del sistema) enviando muchos mensajes NETLINK_CONNECTOR al Kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f98bfbd78c37c5946cc53089da32a5f741efdeb7 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html http:&#x • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0136
https://notcve.org/view.php?id=CVE-2010-0136
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. OpenOffice.org (OOo) V2.0.4, V2.4.1, y v3.1.1 no refuerza adecuadamente la configuración de la macro de seguridad de Visual Basic para Aplicaciones (VBA), lo que permite a atacantes remotos correr macros de su elección a través de un documento manipulado. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://securitytracker.com/id?1023588 http://www.debian.org/security/2010/dsa-1995 http://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:221 http://www.securityfocus.com/bid/38245 http://www.ubuntu.com/usn/USN-903-1 http://www.vupen.com/english/ad • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •