CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2010-4042 – Gentoo Linux Security Advisory 201412-09
https://notcve.org/view.php?id=CVE-2010-4042
21 Oct 2010 — Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." Google Chrome anterior a v7.0.517.41 no controla correctamente los mapas de elemento, lo cual permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con "elementos obsoletos." This GLSA contains notificatio... • http://code.google.com/p/chromium/issues/detail?id=56451 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2010-4040
https://notcve.org/view.php?id=CVE-2010-4040
21 Oct 2010 — Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. Google Chrome anterior v7.0.517.41 no maneja adecuadamente imágenes GIF animadas, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente provocar otros impactos sin especificar a través de una imagen manipulada. • http://code.google.com/p/chromium/issues/detail?id=54500 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2010-3442 – kernel: prevent heap corruption in snd_ctl_new()
https://notcve.org/view.php?id=CVE-2010-3442
04 Oct 2010 — Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. Múltiples desbordamientos de entero en la función snd_ctl_new de sound/core/control.c en el kernel de Linux en versiones anteriores a la 2.6.36-rc5-next-20100929. Permiten a us... • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 23EXPL: 4CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2010-3437
04 Oct 2010 — Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a u... • https://www.exploit-db.com/exploits/15150 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 1CVE-2010-1822
https://notcve.org/view.php?id=CVE-2010-1822
04 Oct 2010 — WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. WebKit, tal y como es usado en Safari de Apple anterior a versión 4.1.3 y versiones 5.0.x anteriores a 5.0.3 y Chrome de Google anterior a versión 6.0.472.62, no realiza apropiadamente una conversión... • http://code.google.com/p/chromium/issues/detail?id=55114 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-3298 – kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
https://notcve.org/view.php?id=CVE-2010-3298
30 Sep 2010 — The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función hso_get_count en drivers/net/usb/hso.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible de ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=7011e660938fc44ed86319c18a5954e95a82ab3e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 3%CPEs: 9EXPL: 0CVE-2010-1773
https://notcve.org/view.php?id=CVE-2010-1773
24 Sep 2010 — Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. Error de superación de límite (off-by-one) en la función toAlphabetic de rendering/RenderListMarker.cpp de WebCor... • http://code.google.com/p/chromium/issues/detail?id=44955 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2010-1772
https://notcve.org/view.php?id=CVE-2010-1772
24 Sep 2010 — Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. Vulnerabilidad de usar después de liberar en page/Geolocation.cpp de WebCore en WebKit en versiones anteriores a la r59859, como se ha utilizado en Google Chrome en ... • http://code.google.com/p/chromium/issues/detail?id=44868 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3078 – kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
https://notcve.org/view.php?id=CVE-2010-3078
21 Sep 2010 — The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2010-3067 – kernel: do_io_submit() infoleak
https://notcve.org/view.php?id=CVE-2010-3067
21 Sep 2010 — Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. Vulnerabilidad de desbordamiento de entero en la función do_io_submit en fs/aio.c del kernel Linux anterior a v2.6.36-rc4-next-20100915, permite a usuarios locales provocar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través del uso... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 • CWE-190: Integer Overflow or Wraparound •