CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.6EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3576
https://notcve.org/view.php?id=CVE-2010-3576
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver. Vulnerabilidad no especificada en Oracle Solaris v8, v9 ,y v10 y OpenSolaris. Permite a usuarios locales comprometer la integridad y la disponibilidad relacionado con "SCSI enclosure services device driver". • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •
CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3542
https://notcve.org/view.php?id=CVE-2010-3542
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB. Vulnerabilidad no especificada en Oracle Solaris v8, v9, y v10, v OpenSolaris, permite a los usuarios locales afectar la confidencialidad, relacionado con USB. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3540
https://notcve.org/view.php?id=CVE-2010-3540
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS. Vulnerabilidad no especificada en Oracle Solaris 10 y OpenSolaris permite a usuarios locales comprometer la disponibilidad. Está relacionado con ZFS. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3515
https://notcve.org/view.php?id=CVE-2010-3515
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver. Vulnerabilidad no especificada en el componente de Solaris, en Oracle Solaris v9 y v10, y OpenSolaris, permite a usuarios locales afectar la disponibilidad a través de vectores desconocidos relacionados con Kernel/Disk Driver. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •