CVSS: 9.1EPSS: 2%CPEs: 7EXPL: 0CVE-2010-3436
https://notcve.org/view.php?id=CVE-2010-3436
08 Nov 2010 — fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. fopen_wrappers.c en PHP v5.3.x hasta v5.3.3 podría permitir a atacantes remotos evitar las restricciones open_basedir a través de vectores relativos a la longitud del nombre de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 0CVE-2010-3702 – xpdf: uninitialized Gfx::parser pointer dereference
https://notcve.org/view.php?id=CVE-2010-3702
05 Nov 2010 — The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros producto... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 46%CPEs: 26EXPL: 0CVE-2010-2941 – cups: cupsd memory corruption vulnerability
https://notcve.org/view.php?id=CVE-2010-2941
05 Nov 2010 — ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. ipp.c en cupsd en CUPS v1.4.4 y anteriores no asigna correctamente memoria para valores de atributo con tipos de datos de cadena inválidos, permitiendo a atacantes remotos provocar una denegación de servicio (uso después de ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2010-3442 – kernel: prevent heap corruption in snd_ctl_new()
https://notcve.org/view.php?id=CVE-2010-3442
04 Oct 2010 — Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. Múltiples desbordamientos de entero en la función snd_ctl_new de sound/core/control.c en el kernel de Linux en versiones anteriores a la 2.6.36-rc5-next-20100929. Permiten a us... • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 23EXPL: 4CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2010-3437
04 Oct 2010 — Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a u... • https://www.exploit-db.com/exploits/15150 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 1%CPEs: 26EXPL: 2CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
30 Sep 2010 — The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo q... • https://www.exploit-db.com/exploits/15155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3297 – kernel: drivers/net/eql.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3297
30 Sep 2010 — The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. La función eql_g_master_cfg en drivers/net/eql.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=44467187dc22fdd33a1a06ea0ba86ce20be3fe3c • CWE-909: Missing Initialization of Resource •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2010-2946
https://notcve.org/view.php?id=CVE-2010-2946
29 Sep 2010 — fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. fs/jfs/xattr.c en el kernel de Linux anterior a v2.6.35.2 no controla correctamente un cierto formato antiguo para el almacenamiento de los atributos extendidos, lo cual podría permitir a usuarios locales eludir las restricciones de espacio de no... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2478
https://notcve.org/view.php?id=CVE-2010-2478
29 Sep 2010 — Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. Desbordamiento de enteros en la función ethtool_get_rxnfc en net/core/ethtool.c en el kernel de Linux anterior a v2.6.33.7 en plataformas ... • http://article.gmane.org/gmane.linux.network/164869 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3084 – kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3084
29 Sep 2010 — Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. Desbordamiento de búfer en la función niu_get_ethtool_tcam_all en drivers/net/niu.c en el kernel de Linux anteriores a v2.6.36-rc4 permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través del comando ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •