CVSS: 5.5 • EPSS: 0% • CPEs: 40 • EXPL: 0

17 Sep 2014 — D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-Bus message containing a D-Bus connection file descriptor. • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-17: DEPRECATED: Code

CVSS: 5.5 • EPSS: 0% • CPEs: 17 • EXPL: 0

17 Sep 2014 — The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. Simon McVittie discovered that DBus incorrectly handled the fil... • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-399: Resource Management Errors

CVSS: 5.5 • EPSS: 0% • CPEs: 17 • EXPL: 0

17 Sep 2014 — The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 1% • CPEs: 67 • EXPL: 0

10 Sep 2014 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. • http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

CVSS: 9.8 • EPSS: 3% • CPEs: 94 • EXPL: 0

08 Sep 2014 — Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplu... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 22% • CPEs: 16 • EXPL: 2

02 Sep 2014 — Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. • http://advisories.mageia.org/MGASA-2014-0414.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

02 Sep 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 1% • CPEs: 9 • EXPL: 0

02 Sep 2014 — Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-416: Use After Free

CVSS: 6.5 • EPSS: 15% • CPEs: 8 • EXPL: 2

02 Sep 2014 — Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. • https://packetstorm.news/files/id/128132 • CWE-824: Access of Uninitialized Pointer

CVSS: 9.8 • EPSS: 1% • CPEs: 85 • EXPL: 0

27 Aug 2014 — Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html