VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2014-8542 (Nov 5, 2014)
    risk 0.00 | cvss | epss 0.02

    libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

  • CVE-2014-8541 (Nov 5, 2014)
    risk 0.00 | cvss | epss 0.02

    libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have…

  • CVE-2014-3710 (Nov 5, 2014)
    risk 0.00 | cvss | epss 0.14

    The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…

  • CVE-2014-3660 (Nov 4, 2014)
    risk 0.00 | cvss | epss 0.04

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…

  • CVE-2014-8080 (Nov 3, 2014)
    risk 0.00 | cvss | epss 0.05

    The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

  • CVE-2014-3615 (Nov 1, 2014)
    risk 0.00 | cvss | epss 0.00

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • CVE-2014-3694 (Oct 29, 2014)
    risk 0.00 | cvss | epss 0.02

    The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…

  • CVE-2014-3564 (Oct 20, 2014)
    risk 0.00 | cvss | epss 0.04

    Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line…

  • CVE-2014-3686 (Oct 16, 2014)
    risk 0.00 | cvss | epss 0.05

    wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

  • CVE-2014-1829 (Oct 15, 2014)
    risk 0.00 | cvss | epss 0.02

    Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

  • CVE-2014-7230 (Oct 8, 2014)
    risk 0.00 | cvss | epss 0.00

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

  • CVE-2014-7204 (Oct 7, 2014)
    risk 0.00 | cvss | epss 0.04

    jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

  • CVE-2014-3565 (Oct 7, 2014)
    risk 0.00 | cvss | epss 0.05

    snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…

  • CVE-2014-6054 (Oct 6, 2014)
    risk 0.00 | cvss | epss 0.06

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)…

  • CVE-2014-3633 (Oct 6, 2014)
    risk 0.00 | cvss | epss 0.03

    The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query,…

  • CVE-2014-6414 (Oct 2, 2014)
    risk 0.00 | cvss | epss 0.02

    OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

  • CVE-2014-3621 (Oct 2, 2014)
    risk 0.00 | cvss | epss 0.02

    The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

  • CVE-2014-7145 (Sep 28, 2014)
    risk 0.00 | cvss | epss 0.04

    The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS…

  • CVE-2014-6418 (Sep 28, 2014)
    risk 0.00 | cvss | epss 0.05

    net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph…

  • CVE-2014-6416 (Sep 28, 2014)
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.
