CVSS: 8.8EPSS: 6%CPEs: 11EXPL: 1CVE-2011-2692 – libpng: Invalid read when handling empty sCAL chunks
https://notcve.org/view.php?id=CVE-2011-2692
17 Jul 2011 — The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. La función png_handle_sCAL de pngrutil.c en libpng v1.0.x antes de la v1.0.55, en v1.2.x antes de la v1.2.45, ... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1526 – krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
https://notcve.org/view.php?id=CVE-2011-1526
11 Jul 2011 — ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. ftpd.c en el demonio GSS-API FTP en MIT Kerberos Version 5 Applications (también conocido como krb5-appl) v1.0.1 y anteriores no comprueban el v... • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
07 Jul 2011 — The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar po... • http://curl.haxx.se/curl-gssapi-delegation.patch • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2011-1770 – kernel: dccp: handle invalid feature options length
https://notcve.org/view.php?id=CVE-2011-1770
24 Jun 2011 — Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. Desbordamiento de entero en la función dccp_parse_options (net/DCCP/options.c) en el kernel de Linux antes de la versión v2.6.33.14 permite a atacantes remotos causar una denegación de servicio a través de un paquete... • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
21 Jun 2011 — jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documen... • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
06 Jun 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
06 Jun 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacant... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html •
CVSS: 7.5EPSS: 5%CPEs: 26EXPL: 2CVE-2011-1027
https://notcve.org/view.php?id=CVE-2011-1027
20 Mar 2011 — Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence. Error de superación de límite (off-by-one) en la función convert_query_hexchar en html.c en cgit.cgi en cgit anteriores a v0.8.3.5, permite a atacantes remotos provocar una denegación de servicio (buble infinito) a través d... • http://article.gmane.org/gmane.comp.version-control.git/168493 • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 26%CPEs: 19EXPL: 6CVE-2011-0762 – vsftpd 2.3.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2011-0762
02 Mar 2011 — The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. La función vsf_filename_passes_filter de ls.c de vsftpd en versiones anteriores a la 2.3.3 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de toda la CPU y agotamiento de los sl... • https://packetstorm.news/files/id/180501 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 270EXPL: 0CVE-2011-1011 – policycoreutils: insecure temporary directory handling in seunshare
https://notcve.org/view.php?id=CVE-2011-1011
24 Feb 2011 — The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp... • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html • CWE-264: Permissions, Privileges, and Access Controls •