CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-0564 – wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)
https://notcve.org/view.php?id=CVE-2015-0564
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. Desbordamiento de buffer en la función ssl_decrypt_record en epan/dissectors/packet-ssl-utils.c en Wireshark 1.10.x anterior a 1.10.12 y 1.12.x anterior a 1.12.3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado que se maneja incorrectamente durante la descifrado de una sesión SSL. • http://advisories.mageia.org/MGASA-2015-0019.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html http://rhn.redhat.com/errata/RHSA-2015-1460.html http://secunia.com/advisories/62612 http://secunia.com/advisories/62673 http://www.debian.org/security/2015/dsa-3141 http://www.mandriva.com/security/advisories?name=MDVSA-2015:022 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2014-8145
https://notcve.org/view.php?id=CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. Múltiples desbordamientos de buffer basados en memoria dinámica en Sound eXchange (SoX) 14.4.1 y anteriores permite a atacantes remotos tener un impacto sin especificar a través de un archivo WAV modificado a la función (1) start_read o (2) AdpcmReadBlock. • http://advisories.mageia.org/MGASA-2014-0561.html http://packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html http://www.debian.org/security/2014/dsa-3112 http://www.mandriva.com/security/advisories?name=MDVSA-2015:015 http://www.ocert.org/advisories/ocert-2014-010.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71774 https://lists.debian.org/debian-lts-announce/2019/02/msg00034.html https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (caída del demonio) a través de una consulta LDAP con éxito pero sin resultados, tal y como fue demostrado mediante el uso de un tipo de objeto incorrecto para una política de contraseñas. If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. • http://advisories.mageia.org/MGASA-2014-0536.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71679 http://www.sec • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 2%CPEs: 23EXPL: 0CVE-2014-8964 – pcre: incorrect handling of zero-repeat assertion conditions
https://notcve.org/view.php?id=CVE-2014-8964
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Desbordamiento de buffer basado en memoria dinámica en PCRE 8.36 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o tener otro impacto no especificado a través de una expresión regular manipulada, relacionado con una aserción que permite cero repeticiones. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions. • http://advisories.mageia.org/MGASA-2014-0534.html http://bugs.exim.org/show_bug.cgi?id=1546 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8124 – python-django-horizon: denial of service via login page requests
https://notcve.org/view.php?id=CVE-2014-8124
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. OpenStack Dashboard (Horizon) anterior a 2014.1.3 y 2014.2.x anterior a 2014.2.1 no maneja correctamente los archivos de sesiones cuando utiliza un motor de sesión db o memcached, lo que permite a atacantes remotos causar una denegación de servicio a través de un número grande de solicitudes en la página de inicio de sesión. A denial of service flaw was found in the OpenStack Dashboard (horizon) when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-0839.html http://rhn.redhat.com/errata/RHSA-2015-0845.html http://secunia.com/advisories/61186 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.launchpad.net/horizon/+bug/1394370 https:&#x • CWE-400: Uncontrolled Resource Consumption •