Page 71 of 453 results (0.025 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-1086 – kernel: dvb-core: DoS bug in ULE decapsulation code

https://notcve.org/view.php?id=CVE-2010-1086

The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. La funcionalidad de descapsulación ULE en drivers/media/dvb/dvb-core/dvb_net.c en dvb-core en el kernel de Linux v2.6.33y anteriores permite a atacantes producir una denegación de servicio (bucle infinito) a través de un marco MPEG2-TS manipulado, relacionado con el payload de un puntero ULE no valido • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29e1fa3565a7951cc415c634eb2b78dbdbee151d http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html http://secunia.com/advisories/39649 http://secunia.com/advisories/39742 http://secunia.com/advisories/39830 http://secunia.com/advisories/43315 http://support.avaya.com/css/P8/documents/100088287 http://support.avaya.com/css/P8/documents/100090459 http://www.debian.org/security/2010/dsa-2053 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2010-1187 – kernel: tipc: Fix oops on send prior to entering networked mode

https://notcve.org/view.php?id=CVE-2010-1187

The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. La Transparent Inter-Process Communication (TIPC) del kernel de Linux versiones 2.6.16-rc1 hasta 2.6.33, y posiblemente otras versiones, permite a los usuarios locales causar una denegación de servicio (OOPS de kernel) mediante el envío de datagramas por medio de AF_TIPC antes de entrar en modo de red, lo que desencadena una desreferencia de puntero NULL. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commitdiff%3Bh=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6%3Bhp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3 http://secunia.com/advisories/39830 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-2053 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2010/03/30/1 http://www.openwall.com/lists/oss-security/2010/03/31/1 http://www.securityfocus.com/archive&# • CWE-476: NULL Pointer Dereference •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 2

CVE-2010-0727 – kernel: bug in GFS/GFS2 locking code leads to dos

https://notcve.org/view.php?id=CVE-2010-0727

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. La función gfs2_lock en el Linux kernel anterior v2.6.34-rc1-next-20100312, y la función gfs_lock en el Linux kernel de Red Hat Enterprise Linux (RHEL) v5 y v6, no elimina adecuadamente el POSIX locks en los archivos setgid sin permisos group-execute, lo que permite a usuarios locales causar una denegación de servicio (BUG y caída de sistema) bloqueando un archivo en los sistemas de archivos(1) GFS o (2) GFS2, y luego cambiar los permisos de este archivo. • http://lkml.org/lkml/2010/3/11/269 http://secunia.com/advisories/39830 http://securitytracker.com/id?1023809 http://www.debian.org/security/2010/dsa-2053 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 http://www.openwall.com/lists/oss-security/2010/03/12/1 http://www.redhat.com/support/errata/RHSA-2010-0330.html http://www.redhat.com/support/errata/RH • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2010-0434 – httpd: request header information leak

https://notcve.org/view.php?id=CVE-2010-0434

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. La funcion ap_read_request en server/protocol.c en Apache HTTP Server v2.2.x en versiones anteriores a v2.2.15, cuando se utiliza multithreaded MPM , no maneja adecuadamente las cabeceras de las subpeticiones en ciertas circunstancias incluyendo una peticion padre que tiene cuerpo, lo que permite a atacantes remotos obtener informacion sensible a traves de una peticion manipulada que inicia un acceso a lugares de la memoria asociados con las ultimas peticiones. • http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://lists.vmware.com/pipermail/security-announce/2010/000105.html http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://secunia& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 0

CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk

https://notcve.org/view.php?id=CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. La función png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representación descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicación) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del método de decompresión con datos con muchas ocurrencias del mismo caracter, en relación con un ataque "decompression bomb" (bomba de descompresión). • http://libpng.sourceforge.net/ADVISORY-1.4.1.html http://libpng.sourceforge.net/decompression_bombs.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html http:/ • CWE-400: Uncontrolled Resource Consumption •