CVSS: 6.8EPSS: 10%CPEs: 14EXPL: 0CVE-2011-4516 – jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
https://notcve.org/view.php?id=CVE-2011-4516
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. Desbordamiento de buffer de memoria dinámica en la función jpc_cox_getcompparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un valor numrlvls de un archivo JPEG2000. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html http://osvdb.org/77595 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/47193 http://secunia.com/advisories/47306 http://secunia.com/advisories/47353 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-3150
https://notcve.org/view.php?id=CVE-2011-3150
Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack. Software Center en Ubuntu v11.10, v11.04, v10.10 no realiza adecuadamente la validación del servidor de certificados, lo que permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de de un ataque "man-in-the-middle" (hombre-en-el-medio). • http://secunia.com/advisories/46950 http://www.securityfocus.com/bid/50754 http://www.ubuntu.com/usn/USN-1270-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/71430 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3152
https://notcve.org/view.php?id=CVE-2011-3152
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. DistUpgrade/DistUpgradeFetcherCore.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.x anterior a 1:0.150.5.1 y 1:0.152.x anterior a 1:0.152.25.5 en Ubuntu 8.04 hasta 11.10 no verifica la firma GPG antes de extraer un tarball actualizazción, lo que permite a atacantes man-the-middle (1) crear o sobrescribir archivos arbitrarios a través de un ataque de salto de directorio mediante el uso de un archivo TAR manipulado o (2) evadir autenticación a través de un archivo meta-release manipulado. • http://secunia.com/advisories/47024 http://www.osvdb.org/77642 http://www.securityfocus.com/bid/50833 http://www.ubuntu.com/usn/USN-1284-1 https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548 https://exchange.xforce.ibmcloud.com/vulnerabilities/71494 • CWE-310: Cryptographic Issues •
CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3154
https://notcve.org/view.php?id=CVE-2011-3154
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. DistUpgrade/DistUpgradeViewKDE.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.x anterior a 1:0.150.5.1 y 1:0.152.x anterior a 1:0.152.25.5 no crea debidamente archivos temporales, lo que permite a usuarios locales obtener el contenido de archivo XAUTHORITY para un usuario a través de un ataque symlink sobre el archivo temporal. • http://secunia.com/advisories/47024 http://www.ubuntu.com/usn/USN-1284-1 https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 88%CPEs: 10EXPL: 1CVE-2011-4566 – php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure
https://notcve.org/view.php?id=CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Un desbordamiento de entero en la función exif_process_IFD_TAG en el fichero exif.c de la extensión exif de PHP v5.4.0 beta2 en las plataformas de 32 bits permite a atacantes remotos leer los contenidos de ubicaciones de memoria aleatorias o causar una denegación de servicio a través de un valor de offset_val concreto en una cabecera EXIF en un archivo JPEG. Se trata de una vulnerabilidad diferente a CVE-2.011-0708. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html http:/& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •