8 matches found
DEBIAN-CVE-2014-9112
Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive...
DEBIAN-CVE-2014-8769
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service packet loss or segmentation fault via a crafted Ad hoc On-Demand Distance Vector AODV packet, which triggers an out-of-bounds memory access...
DEBIAN-CVE-2014-3696
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service application crash via a crafted server message that triggers a large memory allocation...
DEBIAN-CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM attacks...
DEBIAN-CVE-2014-1724
Use-after-free vulnerability in Freebsoft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service application hang or possibly have unspecified other impact via a text-to-speech request...
DEBIAN-CVE-2014-1839
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...
DEBIAN-CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
DEBIAN-CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...