CVSS: 7.5EPSS: 3%CPEs: 93EXPL: 1CVE-2014-0222 – Qemu: qcow1: validate L2 table size to avoid integer overflows
https://notcve.org/view.php?id=CVE-2014-0222
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegación de servicio (caída) a través de una tabla L2 grande en un imagen QCOW versión 1. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://www.debian.org/security/2014/dsa-3044 http://www.securityfocus.com/bid/67357 https://lists.gnu.org/archive/html/qemu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2014-4260 – mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4260
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores, permite a usuarios remotos autenticados afectar la integridad y disponibilidad a través de vectores relacionados con SRCHAR. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •
CVSS: 3.3EPSS: 0%CPEs: 21EXPL: 0CVE-2014-4214
https://notcve.org/view.php?id=CVE-2014-4214
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SRSP. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68607 http://www.securitytracker.com/id/1030578 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94627 •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4207 – mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4207
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SROPTZR. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •