CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 1CVE-2011-1444
https://notcve.org/view.php?id=CVE-2011-1444
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Condición de carrera en la aplicación lanzador de sandbox de Google Chrome en Linux antes de v11.0.696.57 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=76542 http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html http://www.debian.org/security/2011/dsa-2245 https://exchange.xforce.ibmcloud.com/vulnerabilities/67151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14372 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 39%CPEs: 5EXPL: 1CVE-2011-1440
https://notcve.org/view.php?id=CVE-2011-1440
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. Vulnerabilidad de uso después de liberación en Google Chrome antes de v11.0.696.57 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el elemento de ruby y hojas de estilo en cascada (CSS) secuencias token. • http://code.google.com/p/chromium/issues/detail?id=75186 http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5000 http://www.debian.org/security/2011/dsa-2245 https://exchange.xforce.ibmcloud.com/vulnerabilities/67147 https://oval.cisecurity.org/ • CWE-416: Use After Free •
CVSS: 7.9EPSS: 96%CPEs: 67EXPL: 1CVE-2011-0997 – dhclient: insufficient sanitization of certain DHCP response values
https://notcve.org/view.php?id=CVE-2011-0997
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. dhclient en ISC DHCP 3.0.x hasta la versión 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres shell en un nombre de anfitrión obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitrión dado por dhclient-script. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html http://marc.info/?l=bugtraq&m=133226187115472&w=2 http://secunia.com/advisories/44037 http://secunia.com/advisories/44048 http://secunia.com/advisories/44089 http://secunia.com/advisories/44090 http://secunia.com/advisories/44103 http://secunia.com/advisories/44127&# • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2011-1292
https://notcve.org/view.php?id=CVE-2011-1292
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en el marco de la aplicación del cargador en Google Chrome antes de v10.0.648.204 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=73216 http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html http://secunia.com/advisories/43859 http://www.debian.org/security/2011/dsa-2245 http://www.securityfocus.com/bid/47029 http://www.vupen.com/english/advisories/2011/0765 https://exchange.xforce.ibmcloud.com/vulnerabilities/66299 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13876 • CWE-416: Use After Free •