CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 9CVE-2010-3856 – glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3856
07 Jan 2011 — ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. ld.so en la librería de GNU C (también conocida como glibc o libc6) anteriores a v2.11.3, y v2.12.x anteriores a v2.12.2, no restringen el uso de ... • https://packetstorm.news/files/id/173661 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3192
https://notcve.org/view.php?id=CVE-2010-3192
12 Oct 2010 — Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations... • http://seclists.org/fulldisclosure/2010/Apr/399 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2010-3089 – mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks
https://notcve.org/view.php?id=CVE-2010-3089
15 Sep 2010 — Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en GNU Mailman anterior a v2.1.14rc1 permite a los usuarios remotos autenticados inyectar código web o HTML a su elección a través de vectores involucrados (1) el campo de infor... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2056 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-2056
22 Jul 2010 — GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. GNU gv anterior a v3.7.0 permite a usuarios locales sobrescribir ficheros a su elección mediante un ataque de enlace simbólico en un archivo temporal. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2010-2252 – wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]
https://notcve.org/view.php?id=CVE-2010-2252
06 Jul 2010 — GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. GNU Wget v1.12 y anteriores usan un nombre de fichero proporcionado por el servidor en lugar de... • http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 1CVE-2010-0296 – glibc: Improper encoding of names with certain special character in utilities for writing to mtab table
https://notcve.org/view.php?id=CVE-2010-0296
01 Jun 2010 — The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. La macro "encode_name" en "misc/mntent_r.c" en la Librería C GNU (también conocida como glibc or libc6) v2.11.1 y anteriores, como la usada por "ncpmoun... • https://packetstorm.news/files/id/153278 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 37EXPL: 4CVE-2009-4880 – GNU glibc 2.x - 'strfmon()' Integer Overflow
https://notcve.org/view.php?id=CVE-2009-4880
01 Jun 2010 — Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. Múltiples desbordamientos de entero en la implementación "strfmon" en la Librería C GNU (también conocida como glibc or libc6) v2.10.1 y anterior... • https://www.exploit-db.com/exploits/33230 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 38EXPL: 0CVE-2010-0830 – glibc: ld.so d_tag signedness error in elf_get_dynamic_info
https://notcve.org/view.php?id=CVE-2010-0830
01 Jun 2010 — Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. Error de persistencia de signo en entero en la función "elf_get_dynamic_info" en "elf/dynamic-link.h" de la librería C GNU (también conocida como glibc o... • http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2009-4881
https://notcve.org/view.php?id=CVE-2009-4881
01 Jun 2010 — Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. Desbordamiento de entero en la función "__vstrfmon_l" de "tdlib/strfmon_l.c" en la implementación "strfmon" en la Librería C GNU (también conocida como glibc... • http://security.gentoo.org/glsa/glsa-201011-01.xml • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2006-7239
https://notcve.org/view.php?id=CVE-2006-7239
24 May 2010 — The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. La función _gnutls_x509_oid2mac_algorithm en lib/gnutls_algorithms.c de GnuTLS anterior a v1.4.2. Permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un certificado X.509 ma... • http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html • CWE-310: Cryptographic Issues •