Vulnerability & Exploit Database

Displaying entries 1 - 10 of 19 in total

Results for: CVE-2014-1488 Back to search

ELSA-2015-1197 Moderate: Oracle Linux openssl security update Vulnerability

  • Severity: 5
  • Published: June 12, 2015

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

ELSA-2015-2617 Moderate: Oracle Linux openssl security update Vulnerability

  • Severity: 8
  • Published: March 19, 2015

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a ...

SUSE: CVE-2014-8159: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: March 16, 2015

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or ga...

SUSE: CVE-2014-7822: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: March 16, 2015

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file d...

F5 Networks: K17237 (CVE-2014-7822): Linux kernel vulnerability CVE-2014-7822 Vulnerability

  • Severity: 7
  • Published: March 16, 2015

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file d...

SUSE Linux Security Advisory: SUSE-SU-2014:1100-1 Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

USN-2102-1: Firefox vulnerabilities Vulnerability

  • Severity: 10
  • Published: February 06, 2014

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

SUSE: CVE-2014-1488: SUSE Linux Security Advisory Vulnerability

  • Severity: 10
  • Published: February 06, 2014

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.