Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-06 | CVE-2014-8483 | Out-Of-Bounds Read vulnerability in multiple products The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | 5.0 |
| 2014-11-04 | CVE-2014-3660 | Denial of Service vulnerability in Libxml2 Entities Expansion parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 5.0 |
| 2014-11-03 | CVE-2014-8080 | XML External Entity Denial of Service vulnerability in Ruby The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | 5.0 |
| 2014-10-29 | CVE-2014-3694 | Cryptographic Issues vulnerability in multiple products The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |
| 2014-10-16 | CVE-2014-3686 | Improper Input Validation vulnerability in multiple products wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | 6.8 |
| 2014-10-15 | CVE-2014-1829 | Information Exposure vulnerability in multiple products Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | 5.0 |
| 2014-10-13 | CVE-2014-7975 | The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. | 4.9 |
| 2014-10-13 | CVE-2014-7970 | Resource Exhaustion vulnerability in multiple products The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . | 4.9 |
| 2014-10-07 | CVE-2014-7204 | Resource Management Errors vulnerability in multiple products jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | 5.0 |
| 2014-10-06 | CVE-2014-6054 | Numeric Errors vulnerability in multiple products The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. | 4.3 |