CVSS: 7.8EPSS: 20%CPEs: 4EXPL: 6CVE-2011-3336 – Libc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2011-3336
14 Mar 2014 — regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. regcomp en la implementación BSD de libc, es vulnerable a una denegación de servicio debido al agotamiento de la pila. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://packetstorm.news/files/id/125725 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 8%CPEs: 40EXPL: 0CVE-2011-2895 – BSD compress LZW decoder buffer overflow
https://notcve.org/view.php?id=CVE-2011-2895
19 Aug 2011 — The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possib... • http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2011-2168
https://notcve.org/view.php?id=CVE-2011-2168
24 May 2011 — Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. Múltiples desbordamientos de entero en la implementación de glob en libc en OpenBSD anterior a v4.9 podría permitir a atacantes dependientes de contexto tener un impacto no especificado a través de una cadena manipulada, relacionado con el GLOB_APP... • http://securityreason.com/achievement_securityalert/97 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 35%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
16 May 2011 — Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamie... • https://www.exploit-db.com/exploits/35738 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1013 – kernel: drm_modeset_ctl signedness issue
https://notcve.org/view.php?id=CVE-2011-1013
09 May 2011 — Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. Error de enteros sin signo en F... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1922756124ddd53846877416d92ba4a802bc658f • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 3CVE-2010-4754
https://notcve.org/view.php?id=CVE-2010-4754
02 Mar 2011 — The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. La implementación glob en libc en FreeBSD versiones 7.3 y 8.1, NetBSD versión 5.0.2 y OpenBSD versión 4.7, ... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4755
02 Mar 2011 — The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3572
https://notcve.org/view.php?id=CVE-2009-3572
06 Oct 2009 — OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. OpenBSD v4.4, v4.5, y v4.6, cuando se ejecuta sobre un kernel i386 no maneja adecuadamente la excepciones XMM, lo que permite a usuarios locales producir una denegación de servicio (kernel panic) a través de vectores inespecíficos. • http://marc.info/?l=openbsd-security-announce&m=125474331811594 •
CVSS: 7.8EPSS: 12%CPEs: 7EXPL: 3CVE-2009-0687 – Multiple Vendor - PF Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2009-0687
11 Aug 2009 — The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. La función pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores ... • https://www.exploit-db.com/exploits/8581 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 42%CPEs: 32EXPL: 14CVE-2009-0689 – K-Meleon 1.5.3 - Remote Array Overrun
https://notcve.org/view.php?id=CVE-2009-0689
01 Jul 2009 — Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision v... • https://www.exploit-db.com/exploits/10186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •