CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-8130 – libtiff: divide by zero in the tiffdither tool
https://notcve.org/view.php?id=CVE-2014-8130
30 Mar 2015 — The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. La función _TIFFmalloc en tif_unix.c en LibTIFF 4.0.3 no rechaza un tamaño cero, lo que permite que atacantes remotos provoquen una denegación de servicio (error de división entre cero y cierre ines... • http://bugzilla.maptools.org/show_bug.cgi?id=2483 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 3%CPEs: 34EXPL: 0CVE-2014-8160 – kernel: iptables restriction bypass if a protocol handler kernel module not loaded
https://notcve.org/view.php?id=CVE-2014-8160
26 Feb 2015 — net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. net/netfilter/nf_conntrack_proto_generic.c en el kernel de Linux anterior a 3.18 genera entradas conntrack incorrectas durante el manejo de ciertos juegos de reglas iptables para los protocolos... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2015-0374 – mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0374
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores y 5.6.21 y anteriores permite a usuarios remotos autenticados to afectar la confidencialidad a través de vectores desconocidos relacionados con Server : Security : Privileges : Foreign Key. Multiple security is... • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html •
CVSS: 9.1EPSS: 5%CPEs: 35EXPL: 0CVE-2015-0381 – mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0381
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores y 5.6.21 y anteriores permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Replication, una vulnerabilidad diferente a CVE-2015-0382. Multip... • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html •
CVSS: 9.1EPSS: 4%CPEs: 35EXPL: 0CVE-2015-0382 – mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0382
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores y 5.6.21 y anteriores permita a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Replication, una vulnerabilidad diferente a CVE-2015-0381. Multip... • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2015-0391 – mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0391
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.38 y anteriores y 5.6.19 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and li... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html •
CVSS: 9.1EPSS: 0%CPEs: 32EXPL: 0CVE-2014-6568 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2014-6568
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores, y 5.6.21 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : InnoDB : DML. Multiple security issues were discovered in MySQL and this update includes a new upstream M... • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 0CVE-2014-9529 – kernel: use-after-free during key garbage collection
https://notcve.org/view.php?id=CVE-2014-9529
09 Jan 2015 — Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 41EXPL: 0CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
09 Jan 2015 — The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 1CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
09 Jan 2015 — The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de ... • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 •