Max CVSS 10.0 Min CVSS 1.9 Total Count44
IDCVSSSummaryLast (major) updatePublished
CVE-2014-3470 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0224 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0076 1.9
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
18-01-2017 - 21:59 25-03-2014 - 09:25
CVE-2014-4979 9.3
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
06-01-2017 - 22:00 26-07-2014 - 07:11
CVE-2014-4416 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4403 2.1
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4402 9.3
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4401 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4400 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4399 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4398 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4397 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4396 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4395 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4394 6.9
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application,
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4393 10.0
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4390 9.3
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4389 9.3
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4388 9.3
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4381 9.3
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4379 7.1
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4378 5.8
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4377 6.8
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4376 10.0
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4374 5.0
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-4350 6.8
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
06-01-2017 - 22:00 19-09-2014 - 06:55
CVE-2014-4049 5.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns
06-01-2017 - 22:00 18-06-2014 - 15:55
CVE-2014-3981 3.3
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
06-01-2017 - 22:00 08-06-2014 - 14:55
CVE-2014-3515 7.5
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that
06-01-2017 - 22:00 09-07-2014 - 07:07
CVE-2014-1391 6.8
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
06-01-2017 - 21:59 19-09-2014 - 06:55
CVE-2014-0238 5.0
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero len
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0237 5.0
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0221 4.3
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0195 6.8
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary c
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0185 7.2
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
06-01-2017 - 21:59 06-05-2014 - 06:44
CVE-2014-3487 4.3
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (applicati
28-11-2016 - 14:11 09-07-2014 - 07:07
CVE-2014-3480 4.3
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (appli
28-11-2016 - 14:11 09-07-2014 - 07:07
CVE-2014-3479 4.3
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (appli
28-11-2016 - 14:11 09-07-2014 - 07:07
CVE-2014-3478 5.0
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal
28-11-2016 - 14:11 09-07-2014 - 07:07
CVE-2014-0207 4.3
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a craft
28-11-2016 - 14:10 09-07-2014 - 07:07
CVE-2014-2525 6.8
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
05-08-2016 - 11:13 28-03-2014 - 11:55
CVE-2014-2270 4.3
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
18-11-2014 - 22:00 14-03-2014 - 11:55
CVE-2014-1943 5.0
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
18-11-2014 - 22:00 18-02-2014 - 14:55
CVE-2013-7345 5.0
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a cra
18-11-2014 - 21:59 24-03-2014 - 12:31
Back to Top Mark selected
Back to Top