CVSS: 6.5EPSS: 0%CPEs: 160EXPL: 0CVE-2014-8094 – xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()
https://notcve.org/view.php?id=CVE-2014-8094
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. Desbordamiento de enteros en la función ProcDRI2GetBuffers en la extensión DRI2 en X.Org Server (también conocido como xserver y xorg-server) 1.7.0 hasta 1.16.x anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada, lo que provoca una lectura o escritura fuera de rango. An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71601 http://www.x.org/wiki/Development/Security/Advisory-2014-12-09 https://security.gentoo.org/glsa/201504-06 https://access.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 2%CPEs: 83EXPL: 0CVE-2014-7142
https://notcve.org/view.php?id=CVE-2014-7142
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (caída) a través de un tamaño de paquete (1) ICMP o (2) ICMP6 manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/539 http://seclists.org/oss-sec/2014/q3/613 http://seclists.org/oss-sec/2014/q3/626 http://secunia.com/advisories/60242 http://ubuntu.com/usn/usn-2422-1 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/70022 http://www. • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8991
https://notcve.org/view.php?id=CVE-2014-8991
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. pip 1.3 hasta 1.5.6 permite a usuarios locales causar una denegación de servicio (prevención de la instalación de paquetes) mediante la creación de un fichero /tmp/pip-build-* para otro usuario. • http://www.openwall.com/lists/oss-security/2014/11/19/17 http://www.openwall.com/lists/oss-security/2014/11/20/6 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/71209 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847 https://github.com/pypa/pip/pull/2122 •
CVSS: 5.0EPSS: 8%CPEs: 15EXPL: 4CVE-2014-8768 – tcpdump 4.6.2 - Geonet Decoder Denial of Service
https://notcve.org/view.php?id=CVE-2014-8768
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. Múltiples subdesbordamientos de enteros en la función geonet_print en tcpdump 4.5.0 hasta 4.6.2, cuando se utiliza el modo verbose, permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y caída) a través de un valor de longitud manipulado en un Frame Geonet. tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload. • https://www.exploit-db.com/exploits/35359 http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html http://seclists.org/fulldisclosure/2014/Nov/48 http://www.exploit-db.com/exploits/35359 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/archive/1/534010/100/0/threaded http://www.securityfocus.com/bid/71155 http://www.ubuntu.com/ • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-6530 – mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
https://notcve.org/view.php?id=CVE-2014-6530
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP. Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.38 y anteriores, y 5.6.19 y anteriores, permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad, y la disponibilidad a través de vectores relacionados con CLIENT:MYSQLDUMP. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70486 https://access.redhat.com/security/cve/CVE-2014-6530 https://bugzilla.redhat.com/show_bug.cgi?id=1153493 •