U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 260 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

Published: December 17, 2014; 2:59:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8116

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

Published: December 17, 2014; 2:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Published: December 16, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-3583

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

Published: December 15, 2014; 1:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8602

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

Published: December 10, 2014; 9:59:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8737

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Published: December 09, 2014; 6:59:07 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2014-8504

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Published: December 09, 2014; 6:59:06 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8503

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Published: December 09, 2014; 6:59:05 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8502

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

Published: December 09, 2014; 6:59:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8501

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Published: December 09, 2014; 6:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Published: December 09, 2014; 6:59:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8484

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Published: December 09, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6656

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

Published: December 05, 2014; 11:59:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Published: December 03, 2014; 1:59:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

Published: December 01, 2014; 10:59:11 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9093

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Published: November 26, 2014; 10:59:09 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Published: November 26, 2014; 10:59:04 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2014-1421

mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

Published: November 25, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Published: November 24, 2014; 10:59:01 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-8768

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Published: November 20, 2014; 12:50:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM