Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.
Monthly Archives: December 2014
DSA-3087 qemu – security update
Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.
Vuln: Xen CVE-2014-8867 Denial of Service Vulnerability
Xen CVE-2014-8867 Denial of Service Vulnerability
Vuln: Xen 'PHYSDEVOP_{prepare,release}_msix' Operations Local Privilege Escalation Vulnerability
Xen ‘PHYSDEVOP_{prepare,release}_msix’ Operations Local Privilege Escalation Vulnerability
Vuln: Xen CVE-2014-8595 Local Privilege Escalation Vulnerability
Xen CVE-2014-8595 Local Privilege Escalation Vulnerability
Vuln: Xen CVE-2014-8866 Denial of Service Vulnerability
Xen CVE-2014-8866 Denial of Service Vulnerability
CVE-2013-7416
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
CVE-2014-9134
Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
CVE-2014-9234
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.