CVE-2019-13730 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13730
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1028862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2010-4177
https://notcve.org/view.php?id=CVE-2010-4177
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. mysql-gui-tools (mysql-query-browser y mysql-admin) versiones anteriores a 5.0r14+openSUSE-2.3 expone la contraseña de un usuario conectado al servidor MySQL en forma de texto sin cifrar por medio de la lista de procesos en ejecución. • http://www.securityfocus.com/bid/97959 https://access.redhat.com/security/cve/cve-2010-4177 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605542 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4177 https://security-tracker.debian.org/tracker/CVE-2010-4177 https://www.openwall.com/lists/oss-security/2010/11/16/6 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2010-3439
https://notcve.org/view.php?id=CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. Es posible causar una condición DoS causando que el servidor se bloquee en alien-arena versión 7.33, al proporcionar varios parámetros no válidos al comando de descarga. • https://access.redhat.com/security/cve/cve-2010-3439 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3439 https://security-tracker.debian.org/tracker/CVE-2010-3439 • CWE-20: Improper Input Validation •
CVE-2010-3438
https://notcve.org/view.php?id=CVE-2010-3438
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. libpoe-component-irc-perl versiones anteriores a v6.32, no elimina los retornos de carro y los avances de línea. Esto puede ser utilizado para ejecutar comandos IRC arbitrarios al pasar un argumento como "some text\rQUIT" hacia el manejador "privmsg", lo que causaría que el cliente se desconecte del servidor. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438 https://security-tracker.debian.org/tracker/CVE-2010-3438 • CWE-134: Use of Externally-Controlled Format String •
CVE-2010-4178
https://notcve.org/view.php?id=CVE-2010-4178
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console MySQL-GUI-tools (mysql-administrador) filtra las contraseñas en la lista de procesos después del inicio de la consola de texto mysql • http://www.securityfocus.com/bid/97960 https://access.redhat.com/security/cve/cve-2010-4178 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4178 https://security-tracker.debian.org/tracker/CVE-2010-4178 • CWE-522: Insufficiently Protected Credentials •