CVE-2010-4743
https://notcve.org/view.php?id=CVE-2010-4743
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer basado en memoria dinámica en la función getarena en abc2ps.c en abcm2ps antes de v5.9.13 podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo ABC debidamente modificado. Se trata de una vulnerabilidad diferente a CVE-2010-3441. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html http://moinejf.free.fr/abcm2ps-5.txt http://secunia.com/advisories/40033 http://secunia.com/advisories/43338 http://www.vupen.com/english/advisories/2011/0390 https://bugzilla.redhat.com/show_bug.cgi?id=600729 • CWE-787: Out-of-bounds Write •
CVE-2011-0495
https://notcve.org/view.php?id=CVE-2011-0495
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. Desbordamiento de búfer basado en pila en la función ast_uri_encode, en main/utils.c, en Asterisk Open Source before v.1.4.38.1, v.1.4.39.1, v.1.6.1.21, v.1.6.2.15.1, v.1.6.2.16.1, v.1.8.1.2, v.1.8.2.; y Business Edition before v.C.3.6.2; cuando se ejecuta en modo "pedantic" permite a usuarios autenticados ejectuar código de su elección manipulados con el dato llamador ID en vectores que involucran el (1) el driver del SIP, (2) la función URIENCODE dialplan, o la función AGI dialplan. • http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff http://downloads.asterisk.org/pub/security/AST-2011-001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html http://osvdb.org/70518 http://secunia.com/advisories/42935 http://secunia.com/advisories/43119 http://secunia.com/advisories/43373 http://www.debian.org/security/2011/dsa-2171 http://www • CWE-787: Out-of-bounds Write •
CVE-2010-4162 – kernel: bio: integer overflow page count when mapping/copying user data
https://notcve.org/view.php?id=CVE-2010-4162
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. Múltiples desbordamientos de entero en fs/bio.c en el kernel de Linux anterior a v2.6.36.2 permite a usuarios locales causar una denegación de servicio (fallo del sistema) a través de un dispositivo ioctl manipulado a un dispositivo SCSI. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb4644cac4a2797afc847e6c92736664d4b0ea34 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://l • CWE-190: Integer Overflow or Wraparound •
CVE-2010-4158 – Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4158
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. La función sk_run_filter en net/core/filter.c en el kernel de Linux anteriores a v2.6.36.2 no comprueba si una posición de memoria determinada se ha inicializado antes de ejecutar una instrucción (1) BPF_S_LD_MEM o (2) BPF_S_LDX_MEM, permite a usuarios locales obtener información potencialmente confidencial de pila del núcleo de la memoria a través de un filtro socket manipulado. • https://www.exploit-db.com/exploits/34987 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4577 – webkit: CSS Font Face Parsing Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2010-4577
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." Google Chrome anterior v8.0.552.224 y Chrome OS anterior v8.0.552.343 no parsea adecuadamente la secuencia de elementos Cascading Style Sheets (CSS), lo que permite a atacantes remotos causar una denegación de servicio (por lectura fuera de rango) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=63866 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html http://secunia.com/advisories/42648 http://secunia.com/advisories/43086 http://trac.webkit.org/changeset/72685 http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp http://www.debian.org/security/2011/dsa-2188 http://www.gentoo.org/security/en/ • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •