CVSS: 6.8EPSS: 1%CPEs: 99EXPL: 0CVE-2014-8564 – gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
https://notcve.org/view.php?id=CVE-2014-8564
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. La función _gnutls_ecc_ansi_x963_export en gnutls_ecc.c en GnuTLS 3.x anterior a 3.1.28, 3.2.x anterior a 3.2.20, y 3.3.x anterior a 3.3.10 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) a través de un certificado malicioso ECC de tipo (1) curva elíptica criptográfica o (2) peticiones de solicitudes de firma de certificado (CSR), relacionado con la generación de key IDs. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html http://rhn.redhat.com/errata/RHSA-2014-1846.html http://secunia.com/advisories/59991 http://secunia.com/advisories/62284 http://secunia.com/advisories/62294 http://www.ubuntu.com/usn/USN-2403-1 https://bugzilla.redhat.com/show_bug.cgi?id=1161443 https://access.redhat.com/security/cve/CVE-2014-8564 • CWE-122: Heap-based Buffer Overflow CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0CVE-2014-4975 – ruby: off-by-one stack-based buffer overflow in the encodes() function
https://notcve.org/view.php?id=CVE-2014-4975
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función de codificación ubicada en pack.c en Ruby 1.9.3 y anteriores, y 2.x hasta 2.1.2, cuando se utilizan ciertos especificadores de formato de cadena, permite a atacantes dependientes de contexto provocar una denegación de servicio (fallo de segmentación) a través de vectores que provocan un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2014-0472.html http://rhn.redhat.com/errata/RHSA-2014-1912.html http://rhn.redhat.com/errata/RHSA-2014-1913.html http://rhn.redhat.com/errata/RHSA-2014-1914.html http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778 http://www.debian.org/security/2015/dsa-3157 http://www.mandriva.com/security/advisories?name=MDVSA-2015:129 http://www.openwall.com/lists/oss-security/2014/07/09/13 http://www.oracle.com/technet • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 0CVE-2014-3640 – qemu: slirp: NULL pointer deref in sosendto()
https://notcve.org/view.php?id=CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. La función sosendto en slirp/udp.c en QEMU anterior a 2.1.2 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo) mediante el envió de un paquete udp con un valor de 0 en el pueto y dirección de la fuente, lo que provoca el acceso a un socket no inicializado. A NULL pointer dereference flaw was found in the way QEMU handled UDP packets with a source port and address of 0 when QEMU's user networking was in use. A local guest user could use this flaw to crash the guest. • http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://www.debian.org/security/2014/dsa-3044 http://www.debian.org/security/2014/dsa-3045 http://www.ubuntu.com/usn/USN-2409-1 https://bugzilla.redhat. • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-7145 – Kernel: cifs: NULL pointer dereference in SMB2_tcon
https://notcve.org/view.php?id=CVE-2014-7145
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. La función SMB2_tcon en fs/cifs/smb2pdu.c en el kernel de Linux anterior a 3.16.3 permite a servidores remotos CIFS causar una denegación de servicio (referencia a puntero nulo y caída del sistema cliente) o posiblemente tener otro impacto no especificado mediante la eliminación de el compartido IPC$ durante la resolución de las referencias DFS. A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=18f39e7be0121317550d03e267e3ebd4dbfbb3ce http://rhn.redhat.com/errata/RHSA-2015-0102.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/22/4 http://www.securityfocus.com/bid/69867 http://www.ubuntu.com/usn/USN-2394-1 https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce https://access.redhat.com/security/cve& • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 4.0EPSS: 0%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a través de un reino (realm) de la autenticación manipulado. It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60722 http://subversion.apache.org/security/CVE-2014-3528-advisory.txt http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html ht • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •