CVE-2014-1542
https://notcve.org/view.php?id=CVE-2014-1542
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
• http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
• http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html
• http://secunia.com/advisories/59052
• http://secunia.com/advisories/59171
• http://secunia.com/advisories/59387
• http://secunia.com/advisories/59486
• http://secunia.com/advisories/59866
• http://www.mozilla.org/security/announce/2014/mfsa2014-53.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/67968
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3967
https://notcve.org/view.php?id=CVE-2014-3967
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
• http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
• http://www.openwall.com/lists/oss-security/2014/06/04/13
• http://www.securityfocus.com/bid/67794
• http://www.securitytracker.com/id/1030322
• http://xenbits.xen.org/xsa/advisory-96.html
• ht
CVE-2014-3968
https://notcve.org/view.php?id=CVE-2014-3968
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error message to be logged.
• http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
• http://www.openwall.com/lists/oss-security/2014/06/04/13
• http://www.securityfocus.com/bid/67794
• http://www.securityfocus.com/bid/67824
• http://www.securitytracker.com/id/1030322
• http:/
CVE-2014-3004 – Castor Library - XML External Entity Information Disclosure
https://notcve.org/view.php?id=CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Castor Library version 1.3.3-RC1 suffers from a file disclosure vulnerability via XXE injection.
• https://www.exploit-db.com/exploits/39205
• http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html
• http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html
• http://seclists.org/fulldisclosure/2014/May/142
• http://secunia.com/advisories/59427
• http://www.securityfocus.com/bid/67676
• https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2014-0179 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-0179
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
• http://libvirt.org/news.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
• http://rhn.redhat.com/errata/RHSA-2014-0560.html
• http://secunia.com/advisories/60895
• http://security.gentoo.org/glsa/glsa-201412-04.xml
• http://security.libvirt.org/2014/0003.html
• http://www.debian.org/security/2014/dsa-3038
• http://www.ubuntu.com/usn/USN-2366-1
• https://access.redhat.com/security/cve/CVE-20
• CWE-20: Improper Input Validation
• CWE-611: Improper Restriction of XML External Entity Reference