CVSS: 6.9EPSS: 0%CPEs: 39EXPL: 0CVE-2014-9529 – kernel: use-after-free during key garbage collection
https://notcve.org/view.php?id=CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción de memoria o pánico) o posiblemente tener otro impacto no especificado a través de comandos keyctl que provocan el acceso a un miembro de la estructura clave durante la recogida de basura de una clave. A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-8139 – unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
https://notcve.org/view.php?id=CVE-2014-8139
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Un desbordamiento del búfer en la región heap de la memoria en la comprobación de CRC32 en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. • http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174844 https://access.redhat.com/security/cve/CVE-2014-8139 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-8141 – unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
https://notcve.org/view.php?id=CVE-2014-8141
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Un desbordamiento del búfer en la región heap de la memoria en la función getZip64Data en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip. A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. • http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174856 https://access.redhat.com/security/cve/CVE-2014-8141 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-8140 – unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
https://notcve.org/view.php?id=CVE-2014-8140
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Un desbordamiento del búfer en la región heap de la memoria en la función test_compr_eb en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip. An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. • http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174851 https://access.redhat.com/security/cve/CVE-2014-8140 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 1%CPEs: 103EXPL: 0CVE-2014-3580 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
https://notcve.org/view.php?id=CVE-2014-3580
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. El módulo mod_dav_svn Apache HTTPD del servidor Apache Subversion 1.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos llevar a cabo una denegación de servicio (referencia a puntero nulo y caída de servidor) mediante una petición REPORT para un recurso inexistente. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/61131 http://subversion.apache.org/security/CVE-2014-3580-advisory.txt http://www.debian.org/security/2014/dsa-3107 http://www.securityfocus.com/bid/71726 http://www.ubuntu.com/usn/USN-2721-1 https://support.apple.com/HT204427 https://access.redhat.com/security/cve/C • CWE-476: NULL Pointer Dereference •