CVE-2014-3707 – curl: incorrect handle duplication after COPYPOSTFIELDS
https://notcve.org/view.php?id=CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.
References:
• http://curl.haxx.se/docs/adv_20141105.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html
• http://rhn.redhat.com/errata/RHSA-2015-1254.html
• http://www.debian.org/security/2014/dsa-3069
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• htt
Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-416: Use After Free
CVE-2014-4269
https://notcve.org/view.php?id=CVE-2014-4269
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270.
References:
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59289
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• http://www.securityfocus.com/bid/68577
• http://www.securitytracker.com/id/1030579
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94566
CVE-2014-4246
https://notcve.org/view.php?id=CVE-2014-4246
Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.
References:
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59303
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• http://www.securityfocus.com/bid/68586
• http://www.securitytracker.com/id/1030579
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94567
CVE-2014-4271
https://notcve.org/view.php?id=CVE-2014-4271
Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent.
References:
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59241
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• http://www.securityfocus.com/bid/68572
• http://www.securitytracker.com/id/1030579
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94562
CVE-2014-4270
https://notcve.org/view.php?id=CVE-2014-4270
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4269.
References:
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59289
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• http://www.securityfocus.com/bid/68600
• http://www.securitytracker.com/id/1030579
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94565