The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
Category Archives: NVD
National Vulnerability Database – This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
CVE-2014-2524 (fedora, mageia, opensuse, readline)
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-3522 (opensuse, subversion, ubuntu_linux, xcode)
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2014-3528 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, opensuse, subversion, ubuntu_linux, xcode)
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
CVE-2014-4344 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_workstation, kerberos)
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
CVE-2014-3429 (ipython_notebook, mageia, opensuse)
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
CVE-2014-2623 (storage_data_protector)
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2014-4258 (debian_linux, mysql, solaris, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, vcenter_server_appliance)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
CVE-2014-4243 (mysql, solaris, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
CVE-2014-4260 (debian_linux, mysql, solaris, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.