CVSS: 8.8EPSS: 5%CPEs: 17EXPL: 0CVE-2012-0247 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0247
05 Jun 2012 — ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de desplazamientos (offsets) modificados y contar valores en la etiqueta ResolutionUnit en el EXIF IFD0 ... • http://rhn.redhat.com/errata/RHSA-2012-0544.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-0248 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0248
05 Jun 2012 — ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo) a través de una imagen hecha a mano, cuya IFD contiene etiquetas IOP que referencian al principio del IDF. • http://rhn.redhat.com/errata/RHSA-2012-0544.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
05 Jun 2012 — The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. Aleksis Kauppinen, Joonas Kuorilehto and Tuoma... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2012-1798 – ImageMagick: Out-of-bounds buffer read by copying image bytes for TIFF images with crafted TIFF EXIF IFD value
https://notcve.org/view.php?id=CVE-2012-1798
05 Jun 2012 — The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. La función de TIFFGetEXIFProperties en coders/tiff.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites y caída de la aplicación) a través de un IFD EXIF modificado en una imagen TIFF. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 7%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 77%CPEs: 16EXPL: 1CVE-2012-0053 – Apache - httpOnly Cookie Disclosure
https://notcve.org/view.php?id=CVE-2012-0053
28 Jan 2012 — protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. protocol.c en Apache HTTP Server v2.2.x hasta la v2.2.21 no limita adecuadamente la información de cabecera durante la construcción de mensajes de error Bad Request (errores 400)... • https://www.exploit-db.com/exploits/18442 •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 2CVE-2012-0031 – Apache 2.2 - Scoreboard Invalid Free On Shutdown
https://notcve.org/view.php?id=CVE-2012-0031
18 Jan 2012 — scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. scoreboard.c en Apache HTTP Server v2.2.21 y anteriores puede permitir a usuarios locales provocar una denegación de servicio (caída del demonio durante el apagado) o posiblemente, tener un impacto no e... • https://www.exploit-db.com/exploits/41768 •
CVSS: 7.8EPSS: 10%CPEs: 10EXPL: 5CVE-2011-2189 – Linux Kernel 2.6.35 - Network Namespace Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-2189
10 Oct 2011 — net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. net / core / net_namespace.c en el kernel de Linux v2.6.32 y anteriores no maneja adecuadamente una alta tasa de creación y limpieza de los espacios de nombres de red, ... • https://www.exploit-db.com/exploits/36425 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2009-0115 – device-mapper-multipath: insecure permissions on multipathd.sock
https://notcve.org/view.php?id=CVE-2009-0115
30 Mar 2009 — The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero d... • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 35%CPEs: 48EXPL: 1CVE-2008-4582 – Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2008-4582
15 Oct 2008 — Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referen... • https://www.exploit-db.com/exploits/32466 • CWE-264: Permissions, Privileges, and Access Controls •