Page 67 of 453 results (0.014 seconds)

CVSS: 8.1EPSS: 12%CPEs: 3EXPL: 0

CVE-2010-2547 – 2: use-after-free when importing certificate with many alternate names

https://notcve.org/view.php?id=CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Vulnerabilidad de uso después de la liberación (use-after-free) en kbx/keybox-blob.c en GPGSM de GnuPG v2.x hasta v2.0.16 permite a atacantes remotos causar una denegación de servicio (caída del sistema) y posiblemente ejecutar código de su elección mediante un certificado con un gran número de Subject Alternate Names, que no es manejado de forma adecuada en una operación realloc cuando se importa el certificado o se verifica su firma. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://secunia.com/advisories/38877 http://secunia.com/advisories/40718 http://secunia.com/advisories/40841 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076 http://www.debi • CWE-416: Use After Free •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0

CVE-2010-2531 – php: information leak vulnerability in var_export()

https://notcve.org/view.php?id=CVE-2010-2531

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. La función var_export en PHP v5.2 anterior a v5.2.14 y v5.3 anterior a v5.3.3 vacía el búfer de salida para el usuario cuando se producen ciertos errores graves, incluso cuando display_errors está apagado, lo que permite a atacantes remotos obtener información sensible provocando que la aplicación exceda los límites de memoria, tiempo de ejecución, o recursividad. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://secunia.com/advisories/42410 http://support.apple.com/kb/HT4312 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2010-2500 – freetype: integer overflow vulnerability in smooth/ftgrays.c

https://notcve.org/view.php?id=CVE-2010-2500

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de entero en la función gray_render_span en smooth/ftgrays.c en FreeType anterior a v2.4.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un fichero fuente manipulado. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951 http://securitytracker.com/id?1024266 http://support.apple.com/kb/HT4435 http://www.deb • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2010-2497

https://notcve.org/view.php?id=CVE-2010-2497

Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de entero glyph manejado en FreeType anterior a v2.4.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un fichero fuente manipulado. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951 http://support.apple.com/kb/HT4435 http://www.debian.org/security/2010/dsa-2070 http:&# • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2010-2498 – freetype: invalid free vulnerability with possible heap corruption

https://notcve.org/view.php?id=CVE-2010-2498

The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. La función psh_glyph_find_strong_points en pshinter/pshalgo.c de FreeType anterior a v2.4.0 no implementa adecuadamente mascaras sugeridas, lo cual permite a atacantes remotos causar una denegación de servicio (corrupción en la pila de memoria y fallo de la aplicación) o posiblemente ejecutar código a su elección a través de ficheros de fuentes manipulados que provocan una operación libre no válida. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html http://marc.info/?l=oss-security&m=127905701201340&w=2 http://marc.info/?l=oss-security&m=127909326909362&w=2 http://secunia.com/advisories/48951 http://securitytracker.com/id?1024266 http://support.apple.com/kb/HT4435 http://www.deb • CWE-787: Out-of-bounds Write •