CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 1CVE-2015-5917
https://notcve.org/view.php?id=CVE-2015-5917
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. La implementación de glob en tnftpd (anteriormente lukemftpd), tal como se utiliza en Apple OS X en versiones anteriores a 10.11 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria e interrupción de demonio) a través de un comando STAT que contiene un patrón manipulado, según lo demostrado por múltiples casos de la subcadena {..,..,..}/*. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://cxsecurity.com/issue/WLB-2013040082 https://support.apple.com/HT205267 https://www.youtube.com/watch?v=MBK4QYkUm10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-7250
https://notcve.org/view.php?id=CVE-2014-7250
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. La pila de TCP en 4.3BSD Net/2, utilizado en FreeBSD 5.4, NetBSD posiblemente 2.0, y OpenBSD posiblemente 3.6, no implementa correctamente el temporizador de la sesión, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de paquetes manipulados. • http://jvn.jp/en/jp/JVN07930208/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 95%CPEs: 25EXPL: 3CVE-2014-8517 – tnftp "savefile" Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2014-8517
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. La función fetch_url ubicada en usr.bin/ftp/fetch.c en thftp, usada en NetBSD 5.1 en 5.1.4, 5.2 hasta 5.2.2, 6.0 hasta 6.0.6 y 6.1 hasta 6.1.5 permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter '|' (tubería) al final de una redirección HTTP. • https://www.exploit-db.com/exploits/35427 https://www.exploit-db.com/exploits/43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464 http://secunia.com/advisories/62028 http://secunia.com/advisories/62260 http://support. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5384
https://notcve.org/view.php?id=CVE-2014-5384
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. El módulo VIQR en la implementación iconv en FreeBSD 10.0 anterior a p6 y NetBSD permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a array fuera de rango) a través de un argumento manipulado en la función iconv_open. NOTA: este problema ha sido dividido (SPLIT) del CVE-2014-3951 por ADT2 debido a diferentes tipos de vulnerabilidad. • http://mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc http://www.securitytracker.com/id/1030458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •