CVSS: 5.5EPSS: 37%CPEs: 13EXPL: 0CVE-2014-2270 – file: out-of-bounds access in search rules with offsets from input file
https://notcve.org/view.php?id=CVE-2014-2270
12 Mar 2014 — softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. softmagic.c en archivo anterior a 5.17 y libmagic permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria fuera de rango y caída) a través de desplazamientos (“offsets”) manipulados en el softmagic de un ejecutable PE. A denial of service flaw was found in the way ... • http://bugs.gw.com/view.php?id=313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2014-0467 – mutt: heap-based buffer overflow when parsing certain headers
https://notcve.org/view.php?id=CVE-2014-0467
12 Mar 2014 — Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Desbordamiento de buffer en copy.c en Mutt anterior a 1.5.23 permite a atacantes remotos causar una denegación de servicio (caída) a través de una línea de cabecera RFC2047 manipulada, relacionado con la expansión de dirección. Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed cer... • http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2014-2309 – Kernel: net: IPv6: crash due to router advertisement flooding
https://notcve.org/view.php?id=CVE-2014-2309
11 Mar 2014 — The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. La función ip6_route_add en net/ipv6/route.c en el kernel de Linux hasta 3.13.6 no cuenta debidamente la suma de rutas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una inundación de paquetes d... • http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-1958 – Debian Security Advisory 2898-1
https://notcve.org/view.php?id=CVE-2014-1958
06 Mar 2014 — Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la función DecodePSDPixels en el archivo coders/psd.c en ImageMagick versiones anteriores a 6.8.8-5, podría permitir a atacantes remotos ejecutar código arbitrario por medio de una imagen PSD diseñada, que involucra la cadena L%06ld... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 10%CPEs: 7EXPL: 1CVE-2014-2030 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-2030
06 Mar 2014 — Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. Un desbordamiento del búfer en la región stack de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick, posiblemente versión 6.8.8-5, permite a atacantes remotos causar una denega... • https://www.exploit-db.com/exploits/31688 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4091
https://notcve.org/view.php?id=CVE-2011-4091
10 Feb 2014 — The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. El servidor de libobby en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 no realiza autenticación antes de comprobar el nombre de usuario, lo que permite a atacantes remotos obtener información sensible tal como pa... • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4093
https://notcve.org/view.php?id=CVE-2011-4093
10 Feb 2014 — Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Desbordamiento de enteros en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 podría permitir a atacantes remotos secuestrar conexiones y ganar privilegios como otros usuarios mediante la realización de un gran número de conex... • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3Bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2328 – sblim: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-2328
10 Feb 2014 — internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. internal/cimxml/sax/NodeFactory.java en el cliente Common Information Model (CIM) de Standards-Based Linux Instrumentation for ... • http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2013-2191
https://notcve.org/view.php?id=CVE-2013-2191
08 Feb 2014 — python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. python-bugzilla anterior a 0.9.0 no valida los certificados X.509 , lo que permite a atacantes man-in-the-middle falsificar servidores Bugzilla a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1095
https://notcve.org/view.php?id=CVE-2012-1095
06 Feb 2014 — osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. osc anterior a 0.134 podría permitir a servidores de repositorios OBS remotos o equipos de mantenimiento de paquetes ejecutar comandos arbitrarios a través del (1) registro o (2) estado de creación manipulados que contienen una secuencia de escape para un emulador de terminal. • http://lists.opensuse.org/opensuse-updates/2012-03/msg00035.html • CWE-264: Permissions, Privileges, and Access Controls •