CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4192
https://notcve.org/view.php?id=CVE-2011-4192
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." kiwi anterior a 4.85.1, utilizado en SUSE Studio Onsite 1.2 anterior a 1.2.1 y SUSE Studio Extension para System z 1.2 anterior a 1.2.1, permite a atacantes ejecutar comandos arbitrarios tal y como fue demostrado por "comillas dobles en kiwi_oemtitle de .profile." • http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2011-3180
https://notcve.org/view.php?id=CVE-2011-3180
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. kiwi anterior a 4.98.08, utilizado en SUSE Studio Onsite 1.2 anterior a 1.2.1 y SUSE Studio Extension para System z 1.2 anterior a 1.2.1, permite a atacantes ejecutar comandos arbitrarios a través de metacaracteres de shell en la ruta de un archivo superpuesto, relacionado con chown. • http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html http://www.openwall.com/lists/oss-security/2011/11/02/4 https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f# •
CVSS: 7.1EPSS: 2%CPEs: 11EXPL: 1CVE-2014-2706 – Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
https://notcve.org/view.php?id=CVE-2014-2706
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Condición de carrera en el subsistema mac80211 en el kernel de Linux anterior a 3.13.7 permite a atacantes remotos causar una denegación de servicio (caída de sistema) a través de trafico de red que no interactúa debidamente con el estado WLAN_STA_PS_STA (también conocido como el modo power-save), relacionado con sta_info.c y tx.c. A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba http://linux.oracle.com/errata/ELSA-2014-3052.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/60613 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/04/01/8 http:/&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 2%CPEs: 8EXPL: 0CVE-2010-5298 – openssl: freelist misuse causing a possible use-after-free
https://notcve.org/view.php?id=CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar una denegación de servicio (error de uso después de liberación y análisis sintáctico) a través de una conexión SSL en un entorno con múltiples hilos. • http://advisories.mageia.org/MGASA-2014-0187.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http:/& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 1CVE-2014-1947 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-1947
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la región heap de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick versiones 6.5.4 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un gran número de capas en una imagen PSD, involucrando la cadena L%02ld, una vulnerabilidad diferente de CVE-2014-2030. • https://www.exploit-db.com/exploits/31688 http://www.openwall.com/lists/oss-security/2014/02/12/13 http://www.openwall.com/lists/oss-security/2014/02/12/2 http://www.openwall.com/lists/oss-security/2014/02/13/2 http://www.openwall.com/lists/oss-security/2014/02/13/5 http://www.openwall.com/lists/oss-security/2014/02/19/13 https://bugzilla.redhat.com/show_bug.cgi?id=1064098 https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.h • CWE-787: Out-of-bounds Write •