CVSS: 6.8EPSS: 2%CPEs: 40EXPL: 0CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) o posiblemente ejecutar código arbitrario a través de datos de vídeo H.264 manipulados en un fichero m4v. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security/2015/dsa-3225 http://www.debian.org/security/2015/dsa-3260 http://www.debian.org/security/2015/dsa-3264 http://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 2CVE-2014-8129 – libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
https://notcve.org/view.php?id=CVE-2014-8129
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. LibTIFF 4.0.3 permite que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites) u otro tipo de impacto sin especificar mediante una imagen TIFF manipulada. Esto se demuestra por el fracaso de tif_next.c a la hora de verificar que el valor de BitsPerSample es 2 y la función t2p_sample_lab_signed_to_unsigned en tiff2pdf.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2487 http://bugzilla.maptools.org/show_bug.cgi?id=2488 http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT2049 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 1CVE-2014-8130 – libtiff: divide by zero in the tiffdither tool
https://notcve.org/view.php?id=CVE-2014-8130
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. La función _TIFFmalloc en tif_unix.c en LibTIFF 4.0.3 no rechaza un tamaño cero, lo que permite que atacantes remotos provoquen una denegación de servicio (error de división entre cero y cierre inesperado de la aplicación) mediante una imagen TIFF manipulada que es gestionada incorrectamente por la función TIFFWriteScanline en tif_write.c, tal y como demuestra tiffdither. • http://bugzilla.maptools.org/show_bug.cgi?id=2483 http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.conostix.com/pub/adv/CVE-2014-8130 • CWE-369: Divide By Zero •
CVSS: 6.9EPSS: 0%CPEs: 39EXPL: 0CVE-2014-9529 – kernel: use-after-free during key garbage collection
https://notcve.org/view.php?id=CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción de memoria o pánico) o posiblemente tener otro impacto no especificado a través de comandos keyctl que provocan el acceso a un miembro de la estructura clave durante la recogida de basura de una clave. A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •