CVSS: 7.5EPSS: 19%CPEs: 13EXPL: 1CVE-2009-1955 – Apache mod_dav / svn - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es utilizado en los módulos mod_dav y mod_dav_svn en el servidor HTTP de Apache, permite a atacantes remotos producir una denegación de servicio (agotamiento de memoria) a través de un documento XML manipulado que contiene un gran numero de referencias anidadas, como se demostró en la petición PROPFIND, una vulnerabilidad similar a CVE-2003-1564. • https://www.exploit-db.com/exploits/8842 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=apr-dev&m=124396021826125&w=2 http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35360 http://secunia.com/advisories/35395 http://secunia.com/advisories/35444 http: • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http&# • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-1633 – kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server
https://notcve.org/view.php?id=CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. Múltiples desbordamientos de búfer en el subsistema cifs en el kernel de Linux anterior a v2.6.29.4 permite a servidores remotos CIFS provocar una denegación de servicio (corrupción de memoria) y posiblemente tener otros impactos sin identificar a través de (1) una cadena Unicode mal formada, relacionado con el área de alineación de cadena Unicode en fs/cifs/sess.c; o (2) carateres largos _Unicode, relacionado con fs/cifs/cifssmb.c y la función cifs_readdir en fs/cifs/readdir.c. • http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=7b0c8fcff47a885743125dd843db64af41af5a61 http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=968460ebd8006d55661dec0fb86712b40d71c413 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27b87fe52baba0a55e9723030e76fce94fabcea4 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 13EXPL: 3CVE-2009-1630 – kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission
https://notcve.org/view.php?id=CVE-2009-1630
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. La función nfs_permission en fs/nfs/dir.c en la implementación cliente NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open está activo, no comprueba la ejecución (también conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4. • http://article.gmane.org/gmane.linux.nfs/26592 http://bugzilla.linux-nfs.org/show_bug.cgi?id=131 http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://secunia.com/advisories/35106 http://secunia.com/advisories/35298 http://secunia.com/advisories/35394 http&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 0CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •