CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2519 – freetype: heap buffer overflow vulnerability when processing certain font files
https://notcve.org/view.php?id=CVE-2010-2519
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. Desbordamiento de búfer basado en pila en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.0 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o posiblemente ejecutar código a su elección a través de manipular el valor longitud en un fragmento de cabecera POST de un fichero de fuente. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2520
https://notcve.org/view.php?id=CVE-2010-2520
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de búfer basado en la memoria dinámica en la función Ins_IUP en truetype/ttinterp.c en FreeType anterior a v2.4.0, cuando TrueType bytecode support está habilitado, permite a a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de ficheros fuente manipulados. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=888cd1843e935fe675cf2ac303116d4ed5b9d54b http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951 http://support.apple.com/kb/HT4435 http://www.debian.org/security/2010/dsa-2070 http:&# • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1637 – SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
https://notcve.org/view.php?id=CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un número de puerto POP3 modificado. • http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html http://rhn.redhat.com/errata/RHSA-2012-0103.html http& • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0546
https://notcve.org/view.php?id=CVE-2010-0546
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. El administrador de carpetas de Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, permite a usuarios locales borrar las carpetas de su elección mediante un ataque de enlace simbólico junto con una operación de desmontaje (umount) de un volumen debidamente modificado. Es una vulnerabilidad relacionada con la carpeta "Cleanup At Startup". • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •