CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 1CVE-2014-0223 – Qemu: qcow1: validate image size to avoid out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2014-0223
23 Jul 2014 — Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un tamaño grande de imagen, lo que provoca un ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2014-4243 – mysql: unspecified vulnerability related to ENFED (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4243
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.35 y anteriores y 5.6.15 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con ENFED. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MyS... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-2484
https://notcve.org/view.php?id=CVE-2014-2484
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remoto autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con SRFTS. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2014-4214
https://notcve.org/view.php?id=CVE-2014-4214
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SRSP. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-4260 – mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4260
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores, permite a usuarios remotos autenticados afectar la integridad y disponibilidad a través de vectores relacionados con SRCHAR. Multiple security issues were discovered in MySQL... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2494 – mysql: unspecified vulnerability related to ENARC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-2494
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con ENARC. Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix th... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4207 – mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4207
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SROPTZR. Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fi... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 4CVE-2014-4943 – Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
https://notcve.org/view.php?id=CVE-2014-4943
17 Jul 2014 — The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. La funcionalidad PPPoL2TP en net/l2tp/l2tp_ppp.c en el kernel de Linux hasta 3.15.6 permite a usuarios locales ganar privilegios mediante el aprovechamiento de diferencias de la estructura de datos entre un socket l2tp y un socket inet. A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsock... • https://packetstorm.news/files/id/130592 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. Multiple sec... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 7.5EPSS: 10%CPEs: 8EXPL: 0CVE-2014-4667 – kernel: sctp: sk_ack_backlog wrap-around problem
https://notcve.org/view.php?id=CVE-2014-4667
03 Jul 2014 — The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. La función sctp_association_free en net/sctp/associola.cen en el kernel de Linux anterior a 3.15.2 no gestiona debidamente cierto valor de backlogs, lo que permite a atacantes remotos causar una denegación de servicio (interrupción del socket) mediante un paquete SCT... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee • CWE-190: Integer Overflow or Wraparound •