Page 30 of 386 results (0.021 seconds)

CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 54

CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite privilegiado de la ejecución de Bash, también conocido como "ShellShock." NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta. A flaw was found in the way Bash evaluated certain specially crafted environment variables. • https://github.com/darrenmartyn/visualdoor https://www.exploit-db.com/exploits/38849 https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/39918 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/40619 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/40938 https://www.exploit-db.com/exploits/34900 https • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 19%CPEs: 35EXPL: 0

CVE-2014-4342 – krb5: denial of service flaws when handling RFC 1964 tokens

https://notcve.org/view.php?id=CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 (también conocido como krb5) 1.7.x hasta 1.12.x anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer o referencia a puntero nulo y caída de aplicación) mediante la inyección de tokens inválidos en una sesión de la aplicación GSSAPI. A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. • http://advisories.mageia.org/MGASA-2014-0345.html http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://www.debian.org/security/2014/dsa-3000 http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/68908 http://www.securitytracker.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 9

CVE-2014-3153 – Linux Kernel Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. La función futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a través de un comando FUTEX_REQUEUE manipulado que facilita la modificación insegura del objeto o función a la espera. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/35370 https://github.com/timwr/CVE-2014-3153 https://github.com/lieanu/CVE-2014-3153 https://github.com/elongl/CVE-2014-3153 https://github.com/zerodavinci/CVE-2014-3153-exploit https://github.com/c3c/CVE-2014-3153 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8 http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3037.html •

CVSS: 4.7EPSS: 0%CPEs: 18EXPL: 0

CVE-2014-3917 – kernel: DoS with syscall auditing

https://notcve.org/view.php?id=CVE-2014-3917

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. kernel/auditsc.c en el kernel de Linux hasta 3.14.5, cuando CONFIG_AUDITSYSCALL está habilitado con ciertas normas syscall, permite a usuarios locales obtener valores de un único bit potencialmente sensibles de la memoria del kernel o causar una denegación de servicio (OOPS) a través de un valor grande de un número syscall. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. • http://article.gmane.org/gmane.linux.kernel/1713179 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1143.html http://rhn.redhat.com/errata/RHSA-2014-1281.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60011 http://secunia.com/advisories/60564 http://www.openwall.com/lists/oss-security/2014/05/29/5 http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0

CVE-2014-0221 – openssl: DoS when sending invalid DTLS handshake

https://notcve.org/view.php?id=CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DTLS hello en una negociación DTLS inválida. A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://linux.oracle.com/errata/ELSA-2014-1053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http: • CWE-400: Uncontrolled Resource Consumption •