CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http: •
CVE-2014-3790 – VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-3790
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Ruby vSphere Console (RVC) en VMware vCenter Server Appliance permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root mediante la evasión de una jaula chroot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console (RVC) provided by the vCenter Server Appliance. Commands can be run in a privileged context allowing an attacker to break-out of a chroot jail. • http://secunia.com/advisories/58823 http://www.securityfocus.com/bid/67756 http://www.securitytracker.com/id/1030436 http://zerodayinitiative.com/advisories/ZDI-14-159 • CWE-264: Permissions, Privileges, and Access Controls •