Page 75 of 413 results (0.045 seconds)

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 1

CVE-2010-4008 – libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis

https://notcve.org/view.php?id=CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. libxml2 anterior v2.7.8, como el usado en Google Chrome anterior v7.0.517.44, Apple Safari v5.0.2 y anteriores, otros productos, ree desde localizaciones de memoria inválidas durante el procesado de expresiones XPath malformadas, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) a través de un documento XML. • http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari http://code.google.com/p/chromium/issues/detail?id=58731 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 6.2EPSS: 0%CPEs: 13EXPL: 3

CVE-2010-2963 – Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite

https://notcve.org/view.php?id=CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. drivers/media/video/v4l2-compat-ioctl32.c en la implementación de Video4Linux (V4L) en kernel de Linux anteriores a v2.6.36 en plataformas de 64 bits no valida el destino de una operación de copia de memoria, lo cual permite a usuarios locales escribir en lugares de memoria del núcleo a su elección, y en consecuencia obtener privilegios, a través de una llamada VIDIOCSTUNER ioctl en un dispositivo /dev/video, seguida por una llamada VIDIOCSMICROCODE ioctl en este dispositivo. • https://www.exploit-db.com/exploits/15344 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e645d6b485446c54c6745c5e2cf5c528fe4deec http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://secunia.com/advisories/42745 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org&#x • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 3

CVE-2010-3904 – Linux Kernel Improper Input Validation Vulnerability

https://notcve.org/view.php?id=CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las direcciones obtenidas del espacio de usuario, lo que permite a usuarios locales escalar privilegios a través de un uso manipulado de las llamadas del sistema sendmsg y recvmsg. Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. • https://www.exploit-db.com/exploits/44677 https://www.exploit-db.com/exploits/15285 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3702 – xpdf: uninitialized Gfx::parser pointer dereference

https://notcve.org/view.php?id=CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros productos permite que los atacantes dependiendo del contexto generen una denegación de servicio (bloqueo) por medio de vectores desconocidos que desencadenan una desreferencia de puntero no inicializada. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html http://lists.fedoraproject.org/pipermail/package • CWE-476: NULL Pointer Dereference •

CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0

CVE-2010-3442 – kernel: prevent heap corruption in snd_ctl_new()

https://notcve.org/view.php?id=CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. Múltiples desbordamientos de entero en la función snd_ctl_new de sound/core/control.c en el kernel de Linux en versiones anteriores a la 2.6.36-rc5-next-20100929. Permiten a usuarios locales provocar una denegación de servicio (corrupción de la memoria dinámica) o posiblemente provocar otros impactos sin especificar a través de una llamada ioctl (1) SNDRV_CTL_IOCTL_ELEM_ADD o (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://list • CWE-190: Integer Overflow or Wraparound •