Page 27 of 306 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

CVE-2010-2598 – libtiff: crash when reading image with not configured compression

https://notcve.org/view.php?id=CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." La libreria LibTIFF de Red Hat Enterprise Linux (RHEL) v3 sobre las plataformas x86_64, tal y como se utiliza en tiff2rgba, intenta de procesar los datos de la imagen incluso cuando la funcionalidad de compresión solicitado no está configurada, lo que permite a atacantes remotos provocar una denegación de servicio a través de una imagen TIFF debidamente modificada. Se trata de una vulnerabilidad relacionada con "downsampled OJPEG input". • http://secunia.com/advisories/40536 http://www.redhat.com/support/errata/RHSA-2010-0520.html http://www.vupen.com/english/advisories/2010/1761 https://bugzilla.redhat.com/show_bug.cgi?id=583081 https://access.redhat.com/security/cve/CVE-2010-2598 https://bugzilla.redhat.com/show_bug.cgi?id=610786 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 7

CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 2

CVE-2009-2848 – kernel: execve: must clear current->clear_child_tid

https://notcve.org/view.php?id=CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. Una función execve en el kernel de Linux, posiblemente versión 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de current-)clear_child_tid, lo que permite a los usuarios locales causar una denegación de servicio (corrupción de memoria) o posiblemente alcanzar privilegios por medio de un sistema de clonación que llama con CLONE_CHILD_SETTID o CLONE_CHILD_CLEARTID habilitadas, que no son manejados apropiadamente durante la creación y salida de hilos (subprocesos). • http://article.gmane.org/gmane.linux.kernel/871942 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/35983 http://secunia.com/advisories/36501 http://secunia.com/advisories/36562 http://secunia.com/advisories/36759 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types

https://notcve.org/view.php?id=CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 16EXPL: 0

CVE-2009-1893 – dhcp: insecure temporary file use in the dhcpd init script

https://notcve.org/view.php?id=CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. La función configtest en la secuencia de comandos de inicio del DHCPD en Red Hat para DHCP 3.0.1 en Red Hat Enterprise Linux (RHEL) 3 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico sobre un fichero temporal no especificado, relativo al comando "dhcpd -t". • http://secunia.com/advisories/35831 http://securitytracker.com/id?1022554 http://www.redhat.com/support/errata/RHSA-2009-1154.html http://www.securityfocus.com/bid/35670 https://bugzilla.redhat.com/show_bug.cgi?id=510024 https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440 https://access.redhat.com/security&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •