CVSS: 10.0EPSS: 4%CPEs: 29EXPL: 0CVE-2014-0564 – flash-plugin: multiple code execution flaws (APSB14-22)
https://notcve.org/view.php?id=CVE-2014-0564
15 Oct 2014 — Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. Adobe Flash Player anterior a 13.0.0.250 y 14.x y 15.x anterior a 15.0.0.189 en Windows y OS X y anterior a 11.2.2... • http://helpx.adobe.com/security/products/flash-player/apsb14-22.html •
CVSS: 9.8EPSS: 91%CPEs: 29EXPL: 2CVE-2014-0569 – Adobe Flash Player casi32 Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0569
14 Oct 2014 — Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de enteros en Adobe Flash Player anterior a 13.0.0.250 y 14.x y 15.x anterior a 15.0.0.189 en Windows y OS X y anterior a 11.2.202.411 en Linux, Adobe AIR anterior a 15.0.0.... • https://packetstorm.news/files/id/131382 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 21EXPL: 0CVE-2014-7154 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7154
01 Oct 2014 — Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Condición de carrera en HVMOP_track_dirty_vram en Xen 4.0.0 hasta 4.4.x no asegura la posesión del bloqueo de guardar para el seguimiento RAM de vídeos sucios, lo que permite a dominios locales de huésped causar una denegación de servicio a través de vectores no especifi... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2014-7155 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7155
01 Oct 2014 — The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 4.4.x y anteriores no comprueba debidamente los permisos del modo de supervisor, lo que permite a usuarios locales ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2014-5459
https://notcve.org/view.php?id=CVE-2014-5459
27 Sep 2014 — The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. La clase PEAR_REST en REST.php en PEAR en PHP hasta 5.6.0 permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero (1) rest.cachefile o (2) rest.cacheid en /tmp/pear/cache/, relacionado co... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 8.8EPSS: 0%CPEs: 44EXPL: 0CVE-2014-6300 – Mandriva Linux Security Advisory 2014-183
https://notcve.org/view.php?id=CVE-2014-6300
25 Sep 2014 — Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. Vulnerabilidad de XSS en la implementación micro history en phpMyAdmin 4.0.x anterior a 4.0.10.3, 4.1.x anterior a 4.1.14.4, y 4.2.x anterior a 4.2.8.... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3635 – Mandriva Linux Security Advisory 2014-214
https://notcve.org/view.php?id=CVE-2014-3635
17 Sep 2014 — Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. Error por un paso en D-Bus 1.3.0 hasta la versión 1.6.x en versiones anteriores a 1.6.24 y 1.8.x en versiones an... • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3636 – Mandriva Linux Security Advisory 2014-214
https://notcve.org/view.php?id=CVE-2014-3636
17 Sep 2014 — D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 permite a usuarios locales (1) causar una denegación de servici... • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-399: Resource Management Errors •