CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2519 – freetype: heap buffer overflow vulnerability when processing certain font files
https://notcve.org/view.php?id=CVE-2010-2519
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. Desbordamiento de búfer basado en pila en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.0 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o posiblemente ejecutar código a su elección a través de manipular el valor longitud en un fragmento de cabecera POST de un fichero de fuente. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1637 – SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
https://notcve.org/view.php?id=CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un número de puerto POP3 modificado. • http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html http://rhn.redhat.com/errata/RHSA-2012-0103.html http& • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 2%CPEs: 8EXPL: 0CVE-2010-1376
https://notcve.org/view.php?id=CVE-2010-1376
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. Múltiples vulnerabilidades de formato de cadena en "Network Authorization" en Apple Mac OS X v10.6 antes de v10.6.4 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (por caída de la aplicación) a través de especificadores de formato de cadena en URLs (1) AFP, (2) cifs, o (3) SMB. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 1%CPEs: 94EXPL: 1CVE-2010-1748 – CUPS 1.4.2 - Web Interface Information Disclosure
https://notcve.org/view.php?id=CVE-2010-1748
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. La función cgi_initialize_string en el archivo cgi-bin/var.c en la interfaz web en CUPS anterior a versión 1.4.4, tal y como es usado sobre Mac OS X versión 10.5.8, Mac OS X versiones 10.6 anteriores a 10.6.4, de Apple, y otras plataformas, no maneja apropiadamente los parámetros values que contienen un carácter % (porcentaje) sin dos caracteres hexadecimales posteriores, lo que permite a los atacantes dependiendo del contexto obtener información confidencial de la memoria del proceso cupsd por medio de una petición especialmente diseñada, como es demostrado por los URIs (1) /admin?OP=redirect&URL=% y (2) /admin? • https://www.exploit-db.com/exploits/34152 http://cups.org/articles.php?L596 http://cups.org/str.php?L3577 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://secunia.com/advisories/40220 http://secunia.com/advisories/43521 http://security.gentoo.org/glsa/glsa-201207-10.xml http://support.apple.com/kb/HT4188 http://www.debian.org/security/2011/dsa-2176 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •