CVE-2015-1182
https://notcve.org/view.php?id=CVE-2015-1182
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html
• http://secunia.com/advisories/62270
• http://secunia.com/advisories/62610
• http://www.debian.org/security/2015/dsa-3136
• https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
• https://security.gentoo.org/glsa/201801-15
CVE-2014-8148
https://notcve.org/view.php?id=CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
• http://www.openwall.com/lists/oss-security/2015/01/05/2
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9640
https://notcve.org/view.php?id=CVE-2014-9640
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
• http://advisories.mageia.org/MGASA-2015-0051.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148852.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00032.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:037
• http://www.openwall.com/lists/oss-security/2015/01/21/6
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• https://trac.xiph.org/changeset/19117
• https://trac.xiph.org/ticket/2009
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9638
https://notcve.org/view.php?id=CVE-2014-9638
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
• http://seclists.org/fulldisclosure/2015/Jan/78
• http://www.openwall.com/lists/oss-security/2015/01/21/5
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• http://www.securityfocus.com/bid/72290
• https://trac.xiph.org/ticket/2137
CVE-2014-9639
https://notcve.org/view.php?id=CVE-2014-9639
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
• http://seclists.org/fulldisclosure/2015/Jan/78
• http://www.openwall.com/lists/oss-security/2015/01/21/5
• http://www.openwall.com/lists/oss-security/2015/01/22/9
• http://www.securityfocus.com/bid/72295
• https://trac.xiph.org/ticket/2136