CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-9092 – Mandriva Linux Security Advisory 2015-014
https://notcve.org/view.php?id=CVE-2014-9092
08 Jan 2015 — libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. libjpeg-turbo en versiones anteriores a la 1.3.1 permite que atacantes remotos causen una denegación de servicio (cierre inesperado) mediante un archivo JPEG manipulado, relacionado con el marcador Exif. USN-3706-1 fixed a vulnerability in libjpeg-turbo. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libjpeg-turbo incorrectly... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147315.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1425 – Ubuntu Security Notice USN-2451-1
https://notcve.org/view.php?id=CVE-2014-1425
06 Jan 2015 — cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. cmanager 0.32 no fuerza correctamente el anidado cuando modifique las propiedades cgroup, lo que permite a usuarios locales configurar los valores cgroup para todos los cgroups a través de vectores no especificados. Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local at... • http://www.ubuntu.com/usn/USN-2451-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 25EXPL: 0CVE-2014-9221 – Ubuntu Security Notice USN-2450-1
https://notcve.org/view.php?id=CVE-2014-9221
05 Jan 2015 — strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. strongSwan 4.5.x hasta 5.2.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero inválido) a través de un mensaje IKEv2 Key Exchange (KE) manipulado con el grupo Diffie-Hellman (DH) 1025. Mike Daskalakis discovered that strongSwan incorrectly handled IK... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 26%CPEs: 17EXPL: 0CVE-2014-8109 – Ubuntu Security Notice USN-2523-1
https://notcve.org/view.php?id=CVE-2014-8109
29 Dec 2014 — mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a se... • http://advisories.mageia.org/MGASA-2015-0011.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 0CVE-2014-8132 – Mandriva Linux Security Advisory 2015-020
https://notcve.org/view.php?id=CVE-2014-8132
29 Dec 2014 — Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Vulnerabilidad de doble liberación en la función ssh_packet_kexinit en kex.c en libssh 0.5.x y 0.6.x anterior a 0.6.4 permite a atacantes remotos causar una denegación de servicio a través del paquete modificado kexinit. When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and t... • http://advisories.mageia.org/MGASA-2015-0014.html •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-8136 – libvirt: local denial of service in qemu/qemu_driver.c
https://notcve.org/view.php?id=CVE-2014-8136
19 Dec 2014 — The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Las funciones (1) qemuDomainMigratePerform y (2) qemuDomainMigrateFinish2 en qemu/qemu_driver.c en libvirt no desbloquea el dominio cuando una comprobación de ACL falla, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores sin especifica... • http://advisories.mageia.org/MGASA-2015-0002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
16 Dec 2014 — The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) a... • http://advisories.mageia.org/MGASA-2014-0536.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2014-9323 – Debian Security Advisory 3109-1
https://notcve.org/view.php?id=CVE-2014-9323
16 Dec 2014 — The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. La función xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo, fallo de segmentación y caída) a través de una acción op_response con un estado 'no vacío'... • http://advisories.mageia.org/MGASA-2014-0523.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 19%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
15 Dec 2014 — The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8134 – kernel: x86: espfix not working for 32-bit KVM paravirt guests
https://notcve.org/view.php?id=CVE-2014-8134
12 Dec 2014 — The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. La función paravirt_ops_setup en arch/x86/kernel/kvm.c en el kernel de Linux hasta 3.18 utiliza una configuración paravirt_enabled indebida para los kernels KVM invitados, lo que facilita a usuarios invitados del sistema op... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html •