CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 70%CPEs: 49EXPL: 7CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
06 May 2014 — The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo... • https://packetstorm.news/files/id/126603 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 3%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
11 Mar 2014 — The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no v... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 5%CPEs: 249EXPL: 0CVE-2013-5843 – JDK: unspecified vulnerability fixed in 7u45 (2D)
https://notcve.org/view.php?id=CVE-2013-5843
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE v7u40 y anteriores, Java SE v6u60 y anteriores, Java SE v5.0u51 y anteriores, JavaFX v2.2.40 y anteriores, y Java SE Embedded v7u40 y anteriores permite a atacantes rem... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 10.0EPSS: 7%CPEs: 253EXPL: 0CVE-2013-5829 – Oracle Java FileImageInputStream Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5829
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. Vulnerabilidad no especificada en Oracle Java SE 7u40 y versiones anteriores, Java SE 6u60 y versiones anteriores, Java SE 5.0u51 y versiones anteriores y Java SE Embedded 7u40 y versiones anteriore... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 10.0EPSS: 6%CPEs: 254EXPL: 0CVE-2013-5830 – Oracle Java LDAP Deserialization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5830
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE v7u40 y anteriores, Java SE v6u60 y anteriores, Java SE v5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y ante... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 10.0EPSS: 17%CPEs: 253EXPL: 1CVE-2013-5842 – Oracle Java ObjectOutputStream Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5842
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. Vulnerabilidad no especificada en Oracle Java SE 7u40 y versiones anteriores, Java SE 6u60 y versiones anteriores, Java SE 5.0u51 y versiones anteriores y Java SE Embedded 7u40 y versiones an... • https://github.com/guhe120/CVE-2013-5842 •
CVSS: 7.5EPSS: 40%CPEs: 23EXPL: 1CVE-2013-1896 – httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
https://notcve.org/view.php?id=CVE-2013-1896
10 Jul 2013 — mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. mod_dav.c en el Apache HTTP Server anterior a 2.2.25 no determina adecuadamente si DAV está activado para URI, lo que permite a atacantes remotos provocar una dene... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html •
CVSS: 9.3EPSS: 45%CPEs: 34EXPL: 3CVE-2013-1690 – Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-1690
25 Jun 2013 — Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior ... • https://packetstorm.news/files/id/122750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •