CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8155 – gnutls: gnutls does not perform date/time checks on CA certificates
https://notcve.org/view.php?id=CVE-2014-8155
23 Mar 2015 — GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. Vulnerabilidad en GnuTLS en versiones anteriores a 2.9.10, no verifica las fechas de activación y expiración de certificados CA, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un certificado expedido por un certificado CA que (1) aún n... • http://rhn.redhat.com/errata/RHSA-2015-1457.html • CWE-17: DEPRECATED: Code CWE-325: Missing Cryptographic Step •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0282 – gnutls: RSA PKCS#1 signature verification forgery
https://notcve.org/view.php?id=CVE-2015-0282
16 Mar 2015 — GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. GnuTLS anterior a 3.1.0 no verifica que el algoritmo de firmas RSA PKCS #1 coincide con el algoritmo de firmas en el certificado, lo que permite a atacantes remotos realizar ataques de degradación a través de vectores no especificados. It was found that GnuTLS did not verify whether a hashing algor... • http://rhn.redhat.com/errata/RHSA-2015-1457.html • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0294 – gnutls: certificate algorithm consistency checking issue
https://notcve.org/view.php?id=CVE-2015-0294
16 Mar 2015 — GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. GnuTLS versiones anteriores a 3.3.13, no comprueba que los algoritmos de firma coincidan cuando se importa un certificado. It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. The GnuTLS library provides support for crypto... • http://www.debian.org/security/2015/dsa-3191 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 2CVE-2014-8121 – glibc: Unexpected closing of nss_files databases after lookups causes denial of service
https://notcve.org/view.php?id=CVE-2014-8121
05 Mar 2015 — DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba cor... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 1%CPEs: 7EXPL: 0CVE-2014-9637 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2014-9637
02 Mar 2015 — GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria y error de segmentación) mediante un archivo diff manipulado. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the p... • http://advisories.mageia.org/MGASA-2015-0068.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1395 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1395
02 Mar 2015 — Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Una vulnerabilidad de salto de directorio en GNU en versiones de parche que soportan parcheo Git-style en versiones anteriores a la 2.7.3 permite que atacantes remotos escriban en archivos arbitrarios con los permisos del usuario objetivo mediante un ".." (dot dot) en el nombre... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2013-7423 – glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
https://notcve.org/view.php?id=CVE-2013-7423
24 Feb 2015 — The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar cons... • https://packetstorm.news/files/id/164014 • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1473 – glibc: Stack-overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1473
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (ta... • http://openwall.com/lists/oss-security/2015/02/04/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2013-7424 – glibc: Invalid-free when using getaddrinfo()
https://notcve.org/view.php?id=CVE-2013-7424
24 Feb 2015 — The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una d... • http://rhn.redhat.com/errata/RHSA-2015-1627.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 2CVE-2015-1472 – glibc: heap buffer overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1472
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera co... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •