CVSS: 3.5EPSS: 1%CPEs: 9EXPL: 4CVE-2010-2008 – Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2008
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. MySQL anterior a v5.1.48 permite a usuarios autenticados remotamente con privilegios de modificación en la base de datos provocar una denegación de servicio (caída de servidor y pérdida de la base de datos) a través del comando "ALTER DATABASE" con una cadena #mysql50# seguida de un ..(punto punto), ../ (punto punto barra) o secuencia similar, y un comando "UPGRADE DATA DIRECTORY NAME", lo que provoca que MySQL mueva ciertos directorios al directorio del servidor de datos. • https://www.exploit-db.com/exploits/14537 http://bugs.mysql.com/bug.php?id=53804 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html http://secunia.com/advisories/40333 http://secunia.com/advisories/40762 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.securityfocus.com/bid/41198 http://www.securitytracker.com/id?1024160 http://www.ubuntu.com/usn/USN-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2010-2648
https://notcve.org/view.php?id=CVE-2010-2648
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La implementación de Unicode Bidirectional Algorithm (conocido como algoritmo Bidi o UBA) en Google Chrome anterior v5.0.375.99 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o probablemente tener otro impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=44424 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://secunia.com/advisories/41856 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 4EXPL: 1CVE-2010-2647
https://notcve.org/view.php?id=CVE-2010-2647
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. Google Chrome anterior v5.0.375.99 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o probablemente tener otro impacto no especificados a través de documentos SVG no válidos. • http://code.google.com/p/chromium/issues/detail?id=43488 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://secunia.com/advisories/41856 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11884 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 96%CPEs: 73EXPL: 0CVE-2010-1770 – Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1770
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari de Apple anterior a versión 4.1 sobre Mac OS X versión 10.4 y Chrome de Google anterior a versión 5.0.375.70, no maneja apropiadamente una transformación de un nodo de texto que tiene el conjunto de caracteres IBM1147, que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento HTML especialmente diseñado que contiene un elemento BR, relacionado con un "type checking issue." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. • http://code.google.com/p/chromium/issues/detail?id=43487 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacantes remotos a causar una denegación de servicio (bucle infinito y consumo de memoria) mediante la petición de datos en circunstancias oportunistas. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://support.ap •