CVE-2014-3200 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Source: CVE-2014-3200 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

CVE-2014-3199 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object.

Source: CVE-2014-3199 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

CVE-2014-7204 (debian_linux, exuberant_ctags, mageia, ubuntu_linux)

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

Source: CVE-2014-7204 (debian_linux, exuberant_ctags, mageia, ubuntu_linux)

CVE-2014-6054 (debian_linux, libvncserver, ubuntu_linux)

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Source: CVE-2014-6054 (debian_linux, libvncserver, ubuntu_linux)

CVE-2014-6051 (debian_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, fedora, libvncserver, solaris)

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Source: CVE-2014-6051 (debian_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, fedora, libvncserver, solaris)

CVE-2014-6055 (debian_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, fedora, libvncserver)

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Source: CVE-2014-6055 (debian_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, fedora, libvncserver)