CVSS: 7.8EPSS: 11%CPEs: 7EXPL: 3CVE-2014-9402 – glibc: denial of service in getnetbyname function
https://notcve.org/view.php?id=CVE-2014-9402
24 Feb 2015 — The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos cau... • https://packetstorm.news/files/id/154361 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 4CVE-2015-1197 – Zimbra Collaboration Suite TAR Path Traversal
https://notcve.org/view.php?id=CVE-2015-1197
16 Feb 2015 — cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. cpio 2.11, cuando utiliza la opción --no-absolute-filenames, permite a usuarios locales escribir ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en un archivo. Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tr... • https://packetstorm.news/files/id/169458 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-1345 – grep: heap buffer overrun
https://notcve.org/view.php?id=CVE-2015-1345
12 Feb 2015 — The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. La función bmexec_trans en kwset.c en grep 2.19 hasta 2.21 permite a usuarios locales causar una denegación de servicio (lectura de la memoria dinámica fuera de rango y caída) a través de entradas manipuladas cuando se utiliza la opción -F. A heap-based buffer overflow flaw was found in the way grep processed certain pa... • http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 39CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-1196 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1196
21 Jan 2015 — GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. El parche de GNU 2.7.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico en un fichero del parche. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubu... • http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 4CVE-2014-9471 – Ubuntu Security Notice USN-2473-1
https://notcve.org/view.php?id=CVE-2014-9471
15 Jan 2015 — The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. La función parse_datetime en GNU coreutils permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una cadena de datos manipulada, tal y como fue demostrado por la cadena '--date=TZ='123'345'... • http://advisories.mageia.org/MGASA-2015-0029.html •
CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 2CVE-2014-8738 – binutils: out of bounds memory write
https://notcve.org/view.php?id=CVE-2014-8738
14 Jan 2015 — The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. La función _bfd_slurp_extended_name_table en bfd/archive.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura inválida, fallo de segmentación y caída) a través de una tabla extendida de nombres manipulada en un ar... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8485 – binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
https://notcve.org/view.php?id=CVE-2014-8485
09 Dec 2014 — The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. La función setup_group en bfd/elf.c en libbfd en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cabeceras de grupo de sección manipuladas en un fichero ELF. A buffer overflow f... • http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8503 – binutils: stack overflow in objdump when parsing specially crafted ihex file
https://notcve.org/view.php?id=CVE-2014-8503
09 Dec 2014 — Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. Desbordamiento de buffer basado en pila en la función ihex_scan en bfd/ihex.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente tener otro impacto no especificado a través de un fichero ihex manipulado. A stack-ba... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8501 – binutils: out-of-bounds write when parsing specially crafted PE executable
https://notcve.org/view.php?id=CVE-2014-8501
09 Dec 2014 — The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. La función _bfd_XXi_swap_aouthdr_in en bfd/peXXigen.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) y posiblemente tener otro impacto no especificado... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •