CVSS: 3.3EPSS: 0%CPEs: 21EXPL: 0CVE-2014-4214
https://notcve.org/view.php?id=CVE-2014-4214
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SRSP. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68607 http://www.securitytracker.com/id/1030578 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94627 •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4207 – mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4207
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SROPTZR. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-2484
https://notcve.org/view.php?id=CVE-2014-2484
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remoto autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con SRFTS. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securitytracker.com/id/1030578 http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2494 – mysql: unspecified vulnerability related to ENARC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-2494
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con ENARC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4655 – Kernel: ALSA: control: use-after-free in replacing user controls
https://notcve.org/view.php?id=CVE-2014-4655
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. La función snd_ctl_elem_add en sound/core/control.c en la implementación del control ALSA en el kernel de Linux anterior a 3.15.2 no gestiona debidamente el valor user_ctl_count, lo que permite a usuarios locales causar una denegación de servicio (desbordamiento de enteros y evadir el limite) mediante el aprovechamiento de acceso /dev/snd/controlCX para un numero largo de llamadas SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl. A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82262a46627bebb0febcc26664746c25cef08563 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://secunia.com/advisories/60545 http://secunia.com/advisories/60564 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 http://www.openwall.com/lists/o • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •