CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 1CVE-2010-2063 – Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Desbordamiento de búfer en la implementación del paquete SMB1 en la función chain_reply en process.c en smbd en Samba v3.0.x anterior v3.3.13 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria o caída de demonio) o probablemente ejecutar código de su elección a través de un campo manipulado en un paquete. • https://www.exploit-db.com/exploits/16860 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=129138831608422&w=2 http://marc.info/?l=bugtraq&m=130835366526620&w=2 http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://osvdb.org/65518 http://secunia.com/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 15EXPL: 0CVE-2010-0395 – openoffice.org Execution of Python code when browsing macros
https://notcve.org/view.php?id=CVE-2010-0395
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. OpenOffice.org v2.x y v3.0 anterior v3.2.1 permite a atacantes remotos asistidos por usuarios supera las restricciones macro de seguridad de Python y ejecutar código Python de su elección a través de un fichero de texto OpenDocument manipulado lo cual ocasiona la ejecución de código cuando la estructura directorio macro es previsualizada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40070 http://secunia.com/advisories/40084 http://secunia.com/advisories/40104 http://secunia.com/advisories/40107 http://secunia.com/advisories/41818 http:/ •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacantes remotos a causar una denegación de servicio (bucle infinito y consumo de memoria) mediante la petición de datos en circunstancias oportunistas. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://support.ap •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través de una solicitud de una línea base de recursos WebDAV, como se explotó en mayo de 2011. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44879 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011&# • CWE-476: NULL Pointer Dereference •