CVSS: 7.1EPSS: 1%CPEs: 43EXPL: 0CVE-2012-5689 – bind: denial of service when processing queries and with both DNS64 and RPZ enabled
https://notcve.org/view.php?id=CVE-2012-5689
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. ISC BIND v9.8.x hasta 9.8.4-P1 y v9.9.x hasta v9.9.2-P1, en ??ciertas configuraciones que implican DNS64 con una zona de política de respuesta que carece de una regla de reescritura AAAA, permite a atacantes remotos provocar una denegación de servicio (aserción fracaso y salida llamado demonio) a través de una consulta para un registro AAAA. • http://rhn.redhat.com/errata/RHSA-2013-0550.html http://www.isc.org/software/bind/advisories/cve-2012-5689 http://www.ubuntu.com/usn/USN-2693-1 https://kb.isc.org/article/AA-00855 https://access.redhat.com/security/cve/CVE-2012-5689 https://bugzilla.redhat.com/show_bug.cgi?id=903417 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 24EXPL: 0CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled
https://notcve.org/view.php?id=CVE-2012-6075
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques remotos que provocan una denegación de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar código arbitrario. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.0EPSS: 3%CPEs: 9EXPL: 2CVE-2012-5614 – MySQL - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otras versiones, permiten a usuarios remotos autenticados provocar una denegación de servicio (caída de mysqld) a través de un comando SELECT con un comando updateXML que contiene XML con un gran número de elementos anidados "unique". Oracle MySQL version 5.5.19-log on SuSE Linux suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/23078 http://rhn.redhat.com/errata/RHSA-2013-0772.html http://seclists.org/fulldisclosure/2012/Dec/7 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists/oss-security/2012/12/02/4 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555. •