CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-1958 – Debian Security Advisory 2898-1
https://notcve.org/view.php?id=CVE-2014-1958
06 Mar 2014 — Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la función DecodePSDPixels en el archivo coders/psd.c en ImageMagick versiones anteriores a 6.8.8-5, podría permitir a atacantes remotos ejecutar código arbitrario por medio de una imagen PSD diseñada, que involucra la cadena L%06ld... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 10%CPEs: 7EXPL: 1CVE-2014-2030 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-2030
06 Mar 2014 — Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. Un desbordamiento del búfer en la región stack de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick, posiblemente versión 6.8.8-5, permite a atacantes remotos causar una denega... • https://www.exploit-db.com/exploits/31688 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2328 – sblim: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-2328
10 Feb 2014 — internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. internal/cimxml/sax/NodeFactory.java en el cliente Common Information Model (CIM) de Standards-Based Linux Instrumentation for ... • http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2013-2191
https://notcve.org/view.php?id=CVE-2013-2191
08 Feb 2014 — python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. python-bugzilla anterior a 0.9.0 no valida los certificados X.509 , lo que permite a atacantes man-in-the-middle falsificar servidores Bugzilla a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1095
https://notcve.org/view.php?id=CVE-2012-1095
06 Feb 2014 — osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. osc anterior a 0.134 podría permitir a servidores de repositorios OBS remotos o equipos de mantenimiento de paquetes ejecutar comandos arbitrarios a través del (1) registro o (2) estado de creación manipulados que contienen una secuencia de escape para un emulador de terminal. • http://lists.opensuse.org/opensuse-updates/2012-03/msg00035.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2014-1478 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1478
06 Feb 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0 y Sea... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1480 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1480
06 Feb 2014 — The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. La implementación de descarga de archivos en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 no restringe debidamente el tiempo de las selecciones de botón, lo que permite a atacantes remotos llevar a cabo at... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1483 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1483
06 Feb 2014 — Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir Same Origin Policy y obtener información sensible usando un elemento IFRAME en conjunción con ciertas medidas d... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2014-1485 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1485
06 Feb 2014 — The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. La implementación de Content Security Policy (CSP) en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 opera en hojas de estilo XSLT acorde con las directivas style-src en vez de la... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2014-1490 – nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1490
06 Feb 2014 — Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Condición de carrera en libssl en Mozilla Network Security Services (NSS) ant... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •