Redhat Enterprise Linux Desktop vulnerabilities

CVE-2014-7840 [HIGH] CWE-20 CVE-2014-7840: The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allo The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

CVE-2014-9273 [MEDIUM] CWE-119 CVE-2014-9273: lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

CVE-2014-8867 [MEDIUM] CWE-17 CVE-2014-8867: The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks prope The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.

CVE-2012-6662 [MEDIUM] CWE-79 CVE-2012-6662: Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in th Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

CVE-2014-4975 [MEDIUM] CWE-119 CVE-2014-4975: Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

CVE-2014-8567 [CRITICAL] CWE-399 CVE-2014-8567: The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

CVE-2014-7815 [MEDIUM] CWE-20 CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of servi The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

CVE-2014-8564 [MEDIUM] CWE-310 CVE-2014-8564: The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.

CVE-2014-3693 [HIGH] CVE-2014-3693: Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

CVE-2014-3640 [LOW] CWE-476 CVE-2014-3640: The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of se The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

CVE-2014-3615 [LOW] CWE-200 CVE-2014-3615: The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a hi The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

CVE-2014-3566 [LOW] CWE-310 CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CB The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVE-2014-3581 [MEDIUM] CWE-476 CVE-2014-3581: The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

CVE-2014-7145 [HIGH] CWE-399 CVE-2014-7145: The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS ser The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

CVE-2014-7169 [CRITICAL] CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definiti GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgi

CVE-2014-6271 [CRITICAL] CWE-78 CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute

CVE-2014-3575 [MEDIUM] CWE-200 CVE-2014-3575: The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow re The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

CVE-2014-3528 [MEDIUM] CWE-255 CVE-2014-3528: Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CVE-2014-4343 [HIGH] CWE-415 CVE-2014-4343: Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/sp Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended accep

CVE-2014-4344 [HIGH] CWE-476 CVE-2014-4344: The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.