CVSS: 4.3EPSS: 1%CPEs: 43EXPL: 0CVE-2014-3730 – Debian Security Advisory 2934-1
https://notcve.org/view.php?id=CVE-2014-3730
16 May 2014 — The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." La función django.util.http.is_safe_url en Django 1.4 anterior a 1.4.13, 1.5 anterior a 1.5.8, 1.6 anterior a 1.6.5 y 1.7 anterior a 1.7b4 no valida debidamente URLs, lo que permite a atacantes remotos realizar ataques ... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2014-1418 – Ubuntu Security Notice USN-2212-1
https://notcve.org/view.php?id=CVE-2014-1418
15 May 2014 — Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Django 1.4 anterior a 1.4.13, 1.5 anterior a 1.5.8, 1.6 anterior a 1.6.5 y 1.7 anterior a 1.7b4 no incluye debidamente la cabecera (1) Vary: Cookie o (2) Cache-Control en respuestas, lo que permite a atacantes remotos obt... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2011-4407
https://notcve.org/view.php?id=CVE-2011-4407
14 May 2014 — ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. ppa.py en Software Properties anterior a 0.81.13.3 no valida el certificado de servidor cuando descarga huellas dactilares de claves GPG PPA, lo que permite a atacantes man-in-the-middle (MITM) falsificar claves GPG para un repositorio de paquete. • http://www.ubuntu.com/usn/USN-1352-1 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2014-0209 – libXfont: integer overflow of allocations in font metadata file parsing
https://notcve.org/view.php?id=CVE-2014-0209
14 May 2014 — Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Múltiples desbordamientos de enteros en las funciones (1) FontFileAddEntry y (2) lexAlias en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 podrían permitir a usu... • http://advisories.mageia.org/MGASA-2014-0278.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 26EXPL: 0CVE-2014-0210 – libXfont: unvalidated length fields when parsing xfs protocol replies
https://notcve.org/view.php?id=CVE-2014-0210
14 May 2014 — Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Múltiples desbordamientos de buffer en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbit... • http://advisories.mageia.org/MGASA-2014-0278.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 26EXPL: 0CVE-2014-0211 – libXfont: integer overflows calculating memory needs for xfs replies
https://notcve.org/view.php?id=CVE-2014-0211
14 May 2014 — Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Múltiples desbordamientos de enteros en las funciones (1) fs_get_reply, (2) fs_alloc_glyphs y (3) fs_read_extent_info en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecu... • http://advisories.mageia.org/MGASA-2014-0278.html • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2014-3144 – Kernel: filter: prevent nla extensions to peek beyond the end of the message
https://notcve.org/view.php?id=CVE-2014-3144
11 May 2014 — The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. Las implementaciones de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2014-3145 – Kernel: filter: prevent nla extensions to peek beyond the end of the message
https://notcve.org/view.php?id=CVE-2014-3145
11 May 2014 — The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. La implementación de extensión BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 60%CPEs: 49EXPL: 7CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
06 May 2014 — The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo... • https://packetstorm.news/files/id/126603 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2013-4544 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4544
28 Apr 2014 — hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. hw/net/vmxnet3.c en QEMU 2.0.0-rc0, 1.7.1, y anteriores permite a usuarios locales invitados causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores relacionados con números de... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484 • CWE-20: Improper Input Validation •