Search Results
- CPE Product Version: cpe:/o:opensuse:opensuse:13.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9658 | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Published: February 08, 2015; 6:59:20 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Published: February 08, 2015; 6:59:19 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-9656 | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. Published: February 08, 2015; 6:59:15 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-1212 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: February 06, 2015; 6:59:10 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-1211 | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. Published: February 06, 2015; 6:59:09 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-1210 | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: February 06, 2015; 6:59:08 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1209 | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. Published: February 06, 2015; 6:59:07 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-1433 | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. Published: February 03, 2015; 11:59:24 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1382 | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Published: February 03, 2015; 11:59:13 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1381 | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Published: February 03, 2015; 11:59:12 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1380 | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Published: February 03, 2015; 11:59:11 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2014-9556 | Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Published: February 03, 2015; 11:59:05 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-0236 | libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. Published: January 29, 2015; 10:59:00 AM -0500 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2015-1419 | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Published: January 28, 2015; 6:59:08 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1182 | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. Published: January 27, 2015; 3:59:14 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-8154 | The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the GStreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. Published: January 27, 2015; 3:59:12 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-8158 | Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. Published: January 26, 2015; 10:59:09 AM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-8157 | Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. Published: January 26, 2015; 10:59:04 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-8148 | The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. Published: January 26, 2015; 10:59:00 AM -0500 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2014-9640 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. Published: January 23, 2015; 10:59:10 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |