
CVE-2010-2960
https://notcve.org/view.php?id=CVE-2010-2960
08 Sep 2010 — The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. La función keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesió... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html • CWE-476: NULL Pointer Dereference •

CVE-2010-2066 – kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
https://notcve.org/view.php?id=CVE-2010-2066
08 Sep 2010 — The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. La función mext_check_arguments en fs/ext4/move_extent.c en el kernel de Linux anterior a v2.6.35, permite a usuarios locales sobrescribir una archivo de solo-añadir (append-only) a través de una llamada MOVE_EXT ioctl que especifica este archivo como un donante. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 •

CVE-2010-2495
https://notcve.org/view.php?id=CVE-2010-2495
08 Sep 2010 — The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. La función pppol2tp_xmit en drivers/net/pppol2tp.c en la implementación L2TP en el kernel de Linux anterior a v2.6.34, no valida adecuadamente determinados... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5 • CWE-476: NULL Pointer Dereference •

CVE-2010-2524 – kernel: dns_resolver upcall security issue
https://notcve.org/view.php?id=CVE-2010-2524
08 Sep 2010 — The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. La funcionalidad de resolución DNS en el kernel de Linux anterior a v2.6.35, cuando CONFIG_CI... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7 •

CVE-2010-2954
https://notcve.org/view.php?id=CVE-2010-2954
03 Sep 2010 — The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. La función irda_bind en net/irda/af_irda.c en el kernel de Linux anterior v2.6.36-rc3-next-20100901 no maneja adecuadamente los fallos de la... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257 • CWE-476: NULL Pointer Dereference •

CVE-2010-2226 – kernel: xfs swapext ioctl minor security issue
https://notcve.org/view.php?id=CVE-2010-2226
03 Sep 2010 — The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. La función xfs_swapext en fs/xfs/xfs_dfrag.c en el kernel de Linux kernel anterior v2.6.35 no chequea adecuadamente los descriptores de archivo en SWAPEXT ioctl, lo que permiete a usuarios locales aprovechar el acceso de escritura y obtener acc... • http://archives.free.net.ph/message/20100616.130710.301704aa.en.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2010-2805 – freetype: FT_Stream_EnterFrame() does not properly validate certain position values
https://notcve.org/view.php?id=CVE-2010-2805
19 Aug 2010 — The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. La función FT_Stream_EnterFrame en base/ftstream.c de FreeType anterior a v2.4.2 no valida adecuadamente los valores de cierta posición, lo cual permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o posibleme... • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 • CWE-20: Improper Input Validation •

CVE-2010-2806 – FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)
https://notcve.org/view.php?id=CVE-2010-2806
19 Aug 2010 — Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. Error de índice de array en la función t42_parse_sfnts en type42/t42parse.c de FreeType anterior a v2.4.2 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o p... • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 • CWE-122: Heap-based Buffer Overflow CWE-129: Improper Validation of Array Index •

CVE-2010-2807
https://notcve.org/view.php?id=CVE-2010-2807
19 Aug 2010 — FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. FreeType anterior a v2.4.2 utiliza incorrectametne tipos de datos entero durante la comprobación de límites, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de ficheros fuente manipulados. • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 • CWE-681: Incorrect Conversion between Numeric Types •

CVE-2010-2808 – FreeType: Stack-based buffer overflow by processing certain LWFN fonts
https://notcve.org/view.php?id=CVE-2010-2808
19 Aug 2010 — Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. Desbordamiento de búfer en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.2 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y fallo de la aplicación) o posibl... • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •