CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4657
https://notcve.org/view.php?id=CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. PHP5 versiones anteriores a la versión 5.4.4, permite pasar cadenas utf-8 no válidas por medio de la función xmlTextWriterWriteAttribute, que libxml2 analiza incorrectamente. Esto resulta en una pérdida de memoria en la salida resultante. • https://access.redhat.com/security/cve/cve-2010-4657 https://bugs.launchpad.net/php/%2Bbug/655442 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657 https://security-tracker.debian.org/tracker/CVE-2010-4657 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2011-2897
https://notcve.org/view.php?id=CVE-2011-2897
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw gdk-pixbuf versiones hasta 2.31.1, presenta un desbordamiento de búfer del cargador GIF cuando se inicializan las tablas de descompresión debido a un fallo de comprobación de entrada • https://access.redhat.com/security/cve/cve-2011-2897 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897 https://security-tracker.debian.org/tracker/CVE-2011-2897 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2471
https://notcve.org/view.php?id=CVE-2010-2471
Drupal versions 5.x and 6.x has open redirection Drupal versiones 5.x y 6.x, tiene un redireccionamiento abierto • http://www.openwall.com/lists/oss-security/2014/02/12/8 https://access.redhat.com/security/cve/cve-2010-2471 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592716 https://security-tracker.debian.org/tracker/CVE-2010-2471 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4900
https://notcve.org/view.php?id=CVE-2011-4900
TYPO3 before 4.5.4 allows Information Disclosure in the backend. TYPO3 versiones anteriores a la versión 4.5.4, permite una divulgación de información en el back-end. • https://security-tracker.debian.org/tracker/CVE-2011-4900 https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3674
https://notcve.org/view.php?id=CVE-2010-3674
TYPO3 before 4.4.1 allows XSS in the frontend search box. TYPO3 versiones anteriores a la versión 4.4.1, permite un ataque de tipo XSS en el cuadro de búsqueda de la interfaz. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 https://security-tracker.debian.org/tracker/CVE-2010-3674 https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •