CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH
https://notcve.org/view.php?id=CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de cliente) mediante la provocación de un valor de certificado nulo. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 0CVE-2014-3467 – libtasn1: multiple boundary check issues
https://notcve.org/view.php?id=CVE-2014-3467
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Múltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo ASN.1 manipulado. • http://advisories.mageia.org/MGASA-2014-0247.html http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2014-0594.html http://rhn.redhat.com/errata/RHSA-2014-0596.html http:/&#x • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. • http://advisories.mageia.org/MGASA-2014-0247.html http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2014-3469 – libtasn1: asn1_read_value_type() NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. • http://advisories.mageia.org/MGASA-2014-0247.html http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2014-0594.html http://rhn.redhat.com/errata/RHSA-2014-0596.html http:/&#x • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2014-1737 – kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
https://notcve.org/view.php?id=CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. La función raw_cmd_copyin en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no maneja debidamente condiciones de error durante el procesado de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales provocar operaciones kfree y ganar privilegios mediante el aprovechamiento de acceso de escritura hacia un dispositivo /dev/fd. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3043.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html http://rhn.redhat.com/errata/RHSA-2014-0800.html http://rhn.redhat.com/errata/RHSA-2014-0801.html http://secunia.com • CWE-754: Improper Check for Unusual or Exceptional Conditions •