CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2011-1293
https://notcve.org/view.php?id=CVE-2011-1293
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad uso después de liberación en la aplicación HTMLCollection en Google Chrome antes de v10.0.648.204 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=73595 http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://secunia.com/advisories/43859 http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.app • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1176
https://notcve.org/view.php?id=CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. La fusión de configuración en itk.c en el Steinar H. Gunderson mpm-itk Multi-Processing Module v2.2.11-01 y v2.2.11-02 para el Servidor Apache HTTP, no maneja adecuadamente ciertas secciones de configuración que especifican NiceValue pero no AssignUserID, lo que podría permitir a atacantes remotos obtener privilegios mediante el aprovechamiento de la UID y GID de root de un proceso mpm-itk. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857 http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html http://openwall.com/lists/oss-security/2011/03/20/1 http://openwall.com/lists/oss-security/2011/03/21/13 http://www.debian.org/security/2011/dsa-2202 http://www.mandriva.com/security/advisories?name=MDVSA-2011:057 http://www.securityfocus.com/bid/46953 http://www.vupen.com/english& •
CVSS: 5.0EPSS: 14%CPEs: 19EXPL: 5CVE-2011-0762 – vsftpd 2.3.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. La función vsf_filename_passes_filter de ls.c de vsftpd en versiones anteriores a la 2.3.3 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de toda la CPU y agotamiento de los slots de procesos) a través de una expresión glob modificada en comandos STAT en múltiples sesiones FTP. Una vulnerabilidad distinta a la CVE-2010-2632. Vsftpd versions 2.3.2 on NetBSD and 2.3.0 on Ubuntu suffer from a remote denial of service vulnerability. • https://www.exploit-db.com/exploits/16270 ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 http://cxib.net/stuff/vspoc232.c http://jvn.jp/en/jp/JVN37417423/index.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html http&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 7%CPEs: 45EXPL: 1CVE-2011-1002 – avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
https://notcve.org/view.php?id=CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. avahi-core/socket.c en avahi-daemon en Avahi antes de v0.6.29 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete UDP (1) IPv4 o (2) IPv6 vacíos al puerto 5353. NOTA: esta vulnerabilidad existe debido a una corrección incorrecta del CVE-2010-2244. • http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://osvdb.org/70948 http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http:/& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2011-0983
https://notcve.org/view.php?id=CVE-2011-0983
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v9.0.597.94 no gestiona correctamente los bloques anónimos, permitiendo a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale pointer" • http://code.google.com/p/chromium/issues/detail?id=69556 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://secunia.com/advisories/43342 http://secunia.com/advisories/43368 http://support.apple.com/kb/HT4808 http://support. • CWE-20: Improper Input Validation •