CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 0CVE-2014-3192 – chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3192
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://support.apple.com/HT204243 http://support.apple.com/HT204245 http:/& • CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a través de un reino (realm) de la autenticación manipulado. It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60722 http://subversion.apache.org/security/CVE-2014-3528-advisory.txt http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html ht • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2014-4656 – Kernel: ALSA: control: integer overflow in id.index & id.numid
https://notcve.org/view.php?id=CVE-2014-4656
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. Múltiples desbordamientos de enteros en sound/core/control.c de la implementación del control de ALSA en el kernel de Linux anterior a 3.15.2 permite a usuarios locales causar una denegación de servicio mediante el aprovechamiento de acceso /dev/snd/controlCX, relacionado con (1) valores de indice en la función snd_ctl_add y valores (2) numid en la función snd_ctl_remove_numid_conflict. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=883a1d49f0d77d30012f114b2e19fc141beb3e8e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ac902c112d90a89e59916f751c2745f4dbdbb4bd http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://rhn.redhat.com/errata/RHSA-2015-0087.html http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://s • CWE-190: Integer Overflow or Wraparound •