Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-05-11 | CVE-2014-1738 | The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. | Debian_linux, Linux_kernel, Linux, Enterprise_linux_eus, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A | ||
2014-05-11 | CVE-2014-3144 | The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. | Ubuntu_linux, Debian_linux, Linux_kernel, Linux | N/A | ||
2014-05-11 | CVE-2014-3145 | The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. | Ubuntu_linux, Debian_linux, Linux_kernel, Linux | N/A | ||
2014-06-25 | CVE-2014-4617 | The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. | Debian_linux, Gnupg, Opensuse | N/A | ||
2014-07-03 | CVE-2014-4667 | The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. | Ubuntu_linux, Debian_linux, Linux_kernel, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A | ||
2014-07-09 | CVE-2014-3515 | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. | Debian_linux, Php | N/A | ||
2014-07-20 | CVE-2014-0118 | The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. | Http_server, Debian_linux, Jboss_enterprise_application_platform | N/A | ||
2014-07-20 | CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | Http_server, Debian_linux, Enterprise_manager_ops_center, Http_server, Secure_global_desktop, Jboss_enterprise_application_platform | N/A | ||
2014-07-20 | CVE-2014-3160 | The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | Debian_linux, Chrome | N/A | ||
2014-07-20 | CVE-2014-3162 | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | Debian_linux, Chrome | N/A |