gnupg: denial of service
By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there are only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
libjpeg-turbo: denial of service
Specially crafted JPEG files lead to stack smashing and to at least a DoS, possibly remote due to imagick. The Huffman encoder's local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block (basically junk image data) is being encoded. Even thou...
icecast: information leak
It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. If on-connect/on-disconnect scripts are used, file descriptors of the server process remain open and could be written to or read from. Most pressing STDIN,...
libksba: denial of service
By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there are only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
flac: arbitrary code execution
A stack overflow and a heap overflow condition have been found in libFLAC when parsing a maliciously crafted .flac file, which may result in arbitrary code execution...
pcre: heap buffer overflow
A heap buffer overflow issue was found in PCRE when processing a specially crafted regular expression, causing a denial of service or other unspecified impact...
dbus: denial of service
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value...
glibc: command execution
The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions, resulting in the execution of a shell for command substitution when the application did not request it. The implementation now checks WRDE_NOCMD immediately before executing the shell and returns the error WRDE_CMDS...
clamav: denial of service
It was discovered that clamav crashes on certain files when using 'clamscan -a' or while scanning maliciously crafted files...
chromium: multiple issues
CVE-2014-7899 (address bar spoofing): A flaw allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. - CVE-2014-7900 (use-after-free): Use-after-free vulnerability in the...
wireshark-cli: denial of service
CVE-2014-8710 (out-of-bounds read): Out-of-bounds read flaw in the SigComp dissector (sigcomp-udvm) leads to denial of service while processing malformed packets. - CVE-2014-8711 (out-of-bounds read): The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
drupal: session hijacking and denial of service
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory [0]. - CVE-2014-9015 (session hijacking): Aaron Averill discovered that a specially crafted request can give a...
wireshark-gtk: denial of service
CVE-2014-8710 (out-of-bounds read): Out-of-bounds read flaw in the SigComp dissector (sigcomp-udvm) leads to denial of service while processing malformed packets. - CVE-2014-8711 (out-of-bounds read): The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
wireshark-qt: denial of service
CVE-2014-8710 (out-of-bounds read): Out-of-bounds read flaw in the SigComp dissector (sigcomp-udvm) leads to denial of service while processing malformed packets. - CVE-2014-8711 (out-of-bounds read): The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...
binutils: multiple issues
CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
arm-none-eabi-binutils: multiple issues
CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
avr-binutils: multiple issues
CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
mingw-w64-binutils: multiple issues
CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...
linux-lts: local denial of service, privilege escalation
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...
ruby: denial of service
CPU exhaustion can occur as a result of recursive expansion with an empty string. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service...
linux: local denial of service, privilege escalation
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...
imagemagick: denial of service
Converting some specially crafted JPEG files with convert could lead to a DoS...
php: denial of service
An out-of-bounds read flaw was found in the way the file information (fileinfo) extension parsed Executable and Linkable Format (ELF) files...
flashplugin: remote code execution
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438). These updates...
mantisbt: arbitrary code execution and unrestricted access
CVE-2014-7146 (arbitrary code execution): When importing data with the plugin, user input passed through the "description" field and the "issuelink" attribute of the uploaded XML file isn't properly sanitized before being used in a call to the preg_replace function which uses the 'e' modifier. This...
file: denial of service through out-of-bounds read
An out-of-bounds read flaw was found in file's do_note function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable...
gnutls: out-of-bounds memory write
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR), resulting in heap corruption...
curl: out-of-bounds read
Symeon Paraschoudis discovered that the curl_easy_duphandle function has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending...
kdebase-workspace: local privilege escalation
The KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. This is secured with polkit. This helper takes the name of the ntp utility to run as an argument. This allows a hacker to run any arbitrary command as root under the...
konversation: denial of service
Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...
polarssl: multiple issues
CVE-2014-8627 (weak signature negotiation): A mistake resulted in servers negotiating the lowest common hash from the signature_algorithms extension in TLS 1.2. - CVE-2014-8628 (memory leaks): Two issues were found that result in remotely triggerable memory leaks when parsing crafted ClientHello messages or...
mantisbt: sql injection
Edwin Gozeling and Wim Visser discovered that when the project_id parameter of the SOAP request starts with the integer of a project to which the user (or anonymous) is authorized, the ENTIRE value will become the first item of $t_projects. As this value is concatenated in the SQL statement,...
aircrack-ng: multiple vulnerabilities
Nick Sampanis discovered the following vulnerabilities: - CVE-2014-8321 (code execution and privilege escalation): A stack overflow at airodump-ng gps_tracker which may lead to code execution and privilege escalation. - CVE-2014-8322 (remote code execution): A length parameter inconsistency at aireplay...
tnftp: arbitrary command execution
A malicious webserver can trick tnftp below 20141031 via HTTP redirects into executing arbitrary commands...
wget: arbitrary filesystem access
It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. By default, when retrieving FTP directories recursively and a symbolic link is encountered, t...
ejabberd: circumvention of encryption
It was discovered that ejabberd does not enforce the starttls_required setting when compression is used, which causes clients to unexpectedly establish connections without encryption...
ctags: Denial of service
Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service...
libvncserver: remote code execution, denial of service
CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. A malicious VNC server could advertise a very large screen size (by RFB protocol, width and height are 16-bit integers), resulting in an integer overflow during malloc on client-side. Heap corruption, and possibly remote code...
libxml2: Denial of service
Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...
libpurple: remote dos and information leakage
A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. A malicious server or man-in-the-middle could trigger a crash in libpurple by sending an emoticon via MXit with an...
wpa_supplicant, hostapd: Arbitrary command execution
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa_supplicant and hostapd packages. A remote wifi system within range could provide a crafted frame triggering arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process...
drupal: pre-auth sql injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
openssl: denial of service / man-in-the-middle / poodle mitigation
SRTP Memory Leak (CVE-2014-3513): A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 (downgrade attack): A bug in stream_engine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 (replay attack): libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
rsyslog: remote denial of service
The rsyslog fix shipped in 8.4.1 for an invalid PRI value (see ASA-201410-1) was incomplete, as it did not cover cases where PRI values > MAX_INT. These values caused an integer overflow, resulting in negative values. Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog...
mediawiki: Cross-site Scripting (XSS) and UI redressing
It was discovered that MediaWiki, a wiki engine, was separating the allowance of CSS and JS modules, resulting in Cross-site Scripting (XSS) and UI redressing issues...
jenkins: multiple issues
SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake): This vulnerability allows unauthenticated users with access to Jenkins' HTTP/HTTPS port to mount a DoS attack on Jenkins through thread exhaustion. - SECURITY-110/CVE-2014-3662 (user name discovery): Anonymous users can test if the...
rsyslog: remote denial of service
Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog server accepting remote messages will trigger a denial of service by crashing the rsyslog process...
libvirt: out-of-bounds read access
Luyao Huang of Red Hat found that the qemu implementation of virDomainGetBlockIoTune computed an index into the array of disks for the live definition, then used it as the index into the array of disks for the persistent definition, which could result in an out-of-bounds read access in...
mediawiki: Cross-site Scripting (XSS)
It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross-site scripting...