11 matches found
DEBIAN-CVE-2014-8140
Heap-based buffer overflow in the testcompreb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command...
DEBIAN-CVE-2014-5012
DOMPDF before 0.6.2 allows denial of service...
DEBIAN-CVE-2014-9813
ImageMagick allows remote attackers to cause a denial of service application crash via a crafted viff file...
DEBIAN-CVE-2014-8111
Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...
DEBIAN-CVE-2014-8094
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server aka xserver and xorg-server 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request, which triggers an...
DEBIAN-CVE-2014-8503
Stack-based buffer overflow in the ihexscan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a crafted ihex file...
DEBIAN-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
DEBIAN-CVE-2014-6540
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver WDDM for Windows guests...
DEBIAN-CVE-2014-5269
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...
DEBIAN-CVE-2014-0475
Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other locale environment variable...
DEBIAN-CVE-2014-3479
The cdfcheckstreamoffset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service application crash via a crafted stream offset in a CDF...