CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2014-1557 – Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64)
https://notcve.org/view.php?id=CVE-2014-1557
22 Jul 2014 — The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. La función ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4911 – Debian Security Advisory 2981-1
https://notcve.org/view.php?id=CVE-2014-4911
20 Jul 2014 — The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. La función ssl_decrypt_buf en library/ssl_tls.c en PolarSSL anterior a 1.2.11 y 1.3.x anterior a 1.3.8 permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con los suites de cifrado GCM, tal y como f... • http://secunia.com/advisories/60215 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-1737 – kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
https://notcve.org/view.php?id=CVE-2014-1737
11 May 2014 — The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. La función raw_cmd_copyin en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no maneja debidamente condiciones de error durante el procesado de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1738 – kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
https://notcve.org/view.php?id=CVE-2014-1738
11 May 2014 — The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. La función raw_cmd_copyout en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no restringe debidamente acceso a ciertos punteros durante el procesamiento de una llamada FDRAWCMD ioctl,... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 70%CPEs: 49EXPL: 7CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
06 May 2014 — The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo... • https://packetstorm.news/files/id/126603 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 30%CPEs: 13EXPL: 0CVE-2014-0198 – openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
https://notcve.org/view.php?id=CVE-2014-0198
05 May 2014 — The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. La función do_ssl3_write en s3_pkt.c en OpenSSL 1.x hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, no maneja debidamente un puntero de buffer durante ciertas... • http://advisories.mageia.org/MGASA-2014-0204.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2983 – Debian Security Advisory 2913-1
https://notcve.org/view.php?id=CVE-2014-2983
23 Apr 2014 — Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. Drupal 6.x anterior a 6.31 y 7.x anterior a 7.27 no aísla debidamente los datos en caché de usuarios anónimos diferentes, lo que permite a usuarios remotos anónimos obtener información sensible de entradas de formularios parciales en situaciones oportunista... • http://www.debian.org/security/2014/dsa-2913 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 0CVE-2014-2414 – OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
https://notcve.org/view.php?id=CVE-2014-2414
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JAXB. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 10.0EPSS: 8%CPEs: 22EXPL: 0CVE-2014-2421 – Oracle Java JPEG Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2421
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JavaFX 2.2.51; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote ... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 0CVE-2014-2423 – OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
https://notcve.org/view.php?id=CVE-2014-2423
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JAX-WS, una vulnerabilidad diferen... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •