CVE-2014-2494 – mysql: unspecified vulnerability related to ENARC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-2494
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con ENARC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http: •
CVE-2014-2978
https://notcve.org/view.php?id=CVE-2014-2978
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. La función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.4 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca una escritura fuera de rango. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/10 https://security.gentoo.org/glsa/201701-55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-2977
https://notcve.org/view.php?id=CVE-2014-2977
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. Múltiples errores de sino de enteros en la función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.13 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/9 https://security.gentoo.org/glsa/201701-55 • CWE-189: Numeric Errors •
CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH
https://notcve.org/view.php?id=CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de cliente) mediante la provocación de un valor de certificado nulo. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html • CWE-476: NULL Pointer Dereference •
CVE-2014-0221 – openssl: DoS when sending invalid DTLS handshake
https://notcve.org/view.php?id=CVE-2014-0221
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DTLS hello en una negociación DTLS inválida. A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://linux.oracle.com/errata/ELSA-2014-1053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http: • CWE-400: Uncontrolled Resource Consumption •