CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-6478
https://notcve.org/view.php?id=CVE-2014-6478
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.38 y anteriores, y 5.6.19 y anteriores, permite a atacantes remotos afectar la integridad a través de vectores relacionados con SERVER:SSL:yaSSL. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70489 •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2014-6463 – mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
https://notcve.org/view.php?id=CVE-2014-6463
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML. Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.38 y anteriores y 5.6.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores sin especificar relacionados con SERVER:REPLICATION ROW FORMAT BINARY LOG DML. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70532 https://access.redhat.com/security/cve/CVE-2014-6463 https://bugzilla.redhat.com/show_bug.cgi?id=1153462 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0397
https://notcve.org/view.php?id=CVE-2014-0397
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors." Múltiples vulnerabilidades no especificadas en libXtsol en Oracle Solaris 10 y 11.1 tienen un impacto no especificado y vectores de ataque relacionados con 'errores de buffer.' • http://www.securityfocus.com/bid/65819 https://blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors https://exchange.xforce.ibmcloud.com/vulnerabilities/91482 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.6EPSS: 0%CPEs: 5EXPL: 1CVE-2014-5459
https://notcve.org/view.php?id=CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. La clase PEAR_REST en REST.php en PEAR en PHP hasta 5.6.0 permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero (1) rest.cachefile o (2) rest.cacheid en /tmp/pear/cache/, relacionado con las funciones retrieveCacheFirst y useLocalCache. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html http://www.openwall.com/lists/oss-security/2014/08/27/3 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2014-6052 – libvncserver: NULL pointer dereference flaw in framebuffer setup
https://notcve.org/view.php?id=CVE-2014-6052
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. La función HandleRFBServerMessage en libvncclient/rfbproto.c en LibVNCServer 0.9.9 y anteriores no comprueba ciertos valores de retorno malloc, lo que permite a servidores remotos VNC causar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario mediante la especificación de un tamaño de pantalla grande en un mensaje (1) FramebufferUpdate, (2) ResizeFrameBuffer, o (3) PalmVNCReSizeFrameBuffer. A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://seclists.org/oss-sec/2014/q3/639 http://secunia.com/advisories/61506 http://secunia.com/advisories/61682 http://ubuntu.com/usn/usn-2365-1 http://www.debian.org/security/2014/dsa-3081 http://www.ocert.org/advisories/ocert-2014-007.html http://www.openwall.com/lists/oss-security/2014/09/25/11 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus. • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •