CVE-2014-1987
Published 2014-07-20
CVE-2014-1987: The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
Priority: P358
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 3.24% (86.7th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
| cybozu | garoon | — | — |
No detection rules found.
No public exploits indexed.
Talos
An Introduction to Recognizing and Decoding RC4 Encryption in Malware
blogs_talos · 2014-06-03 · CVSS 9.8 · CVE-2014-1776 [CRITICAL]
## An Introduction to Recognizing and Decoding RC4 Encryption in Malware
There is something that we come across almost daily when we analyze malware in the VRT: RC4. We recently came across CVE-2014-1776 and like many malware samples and exploits we analyze, RC4 is used to obfuscate or encrypt what it is really doing. There are many ways to implement RC4 and it is a very simple, small algorithm. This makes it very common in the wild and in various standard applications. Open-source C implementations can be found on several websites such as Apple.com and OpenSSL.org.
## What is RC4?
RC4 was designed by Ron Rivest of RSA Security in 1987. RC4 is a fast and simple stream cipher that uses a pseudo-random number generation algorithm to generate a key stream. This key stream can be used in an
Bugzilla
CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
bugzilla · 2014-11-27 · CVSS 6.5 · CVE-2014-8092 [MEDIUM]
ProcPutImage(), GetHosts(), RegionSizeof(), REQUEST_FIXED_SIZE() calls do not check that their calculations for how much memory is needed to handle the client's request have not overflowed, so can result in out of bounds reads or writes. These calls all occur only after a client has successfully authenticated itself.
Introduced in X11R1 (1987).
Discussion:
Created attachment 962113
0002-dix_integer_overflow_in_ProcPutImage_CVE-2014-8092_1-4.patch
---
Created attachment 962114
0003-dix_integer_overflow_in_GetHosts_CVE-2014-8092_2-4.patch
---
Created attachment 962115
0004-dix_integer_overflow_in_RegionSizeof_CVE-2014-8092_3-4.patch
---
Created attachment 962116