CVSS: 9.8EPSS: 6%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
03 Jun 2014 — The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. Multiple buffer b... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 7%CPEs: 35EXPL: 0CVE-2014-3469 – libtasn1: asn1_read_value_type() NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-3469
03 Jun 2014 — The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. Multiple buffer boundar... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 5%CPEs: 38EXPL: 0CVE-2014-3467 – libtasn1: multiple boundary check issues
https://notcve.org/view.php?id=CVE-2014-3467
03 Jun 2014 — Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Múltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo ASN.1 manipulado. Multiple buffer boundary check issues ... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 94%CPEs: 54EXPL: 84CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo qu... • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 13%CPEs: 32EXPL: 1CVE-2014-2497 – gd: NULL pointer dereference in gdImageCreateFromXpm()
https://notcve.org/view.php?id=CVE-2014-2497
21 Mar 2014 — The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. La función gdImageCreateFromXpm en gdxpm.c en libgd, utilizado en PHP 5.4.26 y anteriores, permite a atacantes remotos causar una denegación de servicio (referencia a puntero cero y caída de aplicación) a través de una tabla de color manipulada en un archivo XPM. A NULL pointer... • http://advisories.mageia.org/MGASA-2014-0288.html • CWE-476: NULL Pointer Dereference •