CVSS: 4.3EPSS: 2%CPEs: 24EXPL: 1CVE-2014-9670 – freetype: integer overflow in pcf_get_encodings() leading to NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-9670
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. Múltiples erroes de signo de enteros en la función pcf_get_encodings en pcf/pcfread.c en FreeType anterior a 2.5.4 permiten a atacantes remotos causar una denegación de servicio (desbordamiento de enteros, referencia a puntero nulo y caída de aplicación) a través de un fichero PCF manipulado que especifica valores negativos para la primera columna y la primera fila. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=158 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-189: Numeric Errors CWE-476: NULL Pointer Dereference •
CVSS: 5.8EPSS: 2%CPEs: 5EXPL: 2CVE-2015-1038
https://notcve.org/view.php?id=CVE-2015-1038
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. p7zip 9.20.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico en un archivo. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173245.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174245.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00000.html http://www.debian.org/security/2015/dsa-3289 http://www.openwall.com/lists/oss-security/2015/01/11/2 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/71890 https://bugs.debian.org/cgi-bin/bugreport.cg • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (caída del demonio) a través de una consulta LDAP con éxito pero sin resultados, tal y como fue demostrado mediante el uso de un tipo de objeto incorrecto para una política de contraseñas. If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. • http://advisories.mageia.org/MGASA-2014-0536.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71679 http://www.sec • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 160EXPL: 0CVE-2014-8094 – xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()
https://notcve.org/view.php?id=CVE-2014-8094
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. Desbordamiento de enteros en la función ProcDRI2GetBuffers en la extensión DRI2 en X.Org Server (también conocido como xserver y xorg-server) 1.7.0 hasta 1.16.x anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada, lo que provoca una lectura o escritura fuera de rango. An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71601 http://www.x.org/wiki/Development/Security/Advisory-2014-12-09 https://security.gentoo.org/glsa/201504-06 https://access.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0397
https://notcve.org/view.php?id=CVE-2014-0397
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors." Múltiples vulnerabilidades no especificadas en libXtsol en Oracle Solaris 10 y 11.1 tienen un impacto no especificado y vectores de ataque relacionados con 'errores de buffer.' • http://www.securityfocus.com/bid/65819 https://blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors https://exchange.xforce.ibmcloud.com/vulnerabilities/91482 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •