CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2014-9644 – kernel: crypto api unprivileged arbitrary module load via request_module()
https://notcve.org/view.php?id=CVE-2014-9644
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con una expresión de plantilla de módulos entre paréntesis en el campo salg_name, tal y como fue demostrado por la expresión vfat(aes), una vulnerabilidad diferente a CVE-2013-7421. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4943ba16bbc2db05115707b3ff7b4874e9e3c560 http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.5EPSS: 14%CPEs: 7EXPL: 1CVE-2015-1351 – php: use after free in opcache extension
https://notcve.org/view.php?id=CVE-2015-1351
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/to • CWE-416: Use After Free •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 20CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores relacionados con la funciín (1) gethostbyname o (2) gethostbyname2, también conocido como 'GHOST.' A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. • https://www.exploit-db.com/exploits/35951 https://www.exploit-db.com/exploits/36421 https://github.com/aaronfay/CVE-2015-0235-test https://github.com/makelinux/CVE-2015-0235-workaround https://github.com/sUbc0ol/CVE-2015-0235 https://github.com/mikesplain/CVE-2015-0235-cookbook https://github.com/tobyzxj/CVE-2015-0235 https://github.com/adherzog/ansible-CVE-2015-0235-GHOST http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux http:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-0564 – wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)
https://notcve.org/view.php?id=CVE-2015-0564
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. Desbordamiento de buffer en la función ssl_decrypt_record en epan/dissectors/packet-ssl-utils.c en Wireshark 1.10.x anterior a 1.10.12 y 1.12.x anterior a 1.12.3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado que se maneja incorrectamente durante la descifrado de una sesión SSL. • http://advisories.mageia.org/MGASA-2015-0019.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html http://rhn.redhat.com/errata/RHSA-2015-1460.html http://secunia.com/advisories/62612 http://secunia.com/advisories/62673 http://www.debian.org/security/2015/dsa-3141 http://www.mandriva.com/security/advisories?name=MDVSA-2015:022 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 2.1EPSS: 0%CPEs: 41EXPL: 0CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una imagen iso9660 manipulada. An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.o • CWE-20: Improper Input Validation •