Max CVSS 10.0 Min CVSS 1.9 Total Count135
IDCVSSSummaryLast (major) updatePublished
CVE-2014-5450 2.1
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
19-03-2018 - 17:29 19-03-2018 - 17:29
CVE-2014-0146 1.9
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapsh
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0145 4.6
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/q
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0143 4.4
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bo
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0142 2.1
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-3527 7.5
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authent
25-05-2017 - 13:29 25-05-2017 - 13:29
CVE-2014-0016 4.3
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attacker
26-01-2017 - 15:00 24-03-2014 - 12:31
CVE-2014-3577 5.8
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi
10-01-2017 - 21:59 21-08-2014 - 10:55
CVE-2014-5472 4.0
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
06-01-2017 - 22:00 31-08-2014 - 21:55
CVE-2014-5471 4.0
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted i
06-01-2017 - 22:00 31-08-2014 - 21:55
CVE-2014-5119 7.5
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
06-01-2017 - 22:00 29-08-2014 - 12:55
CVE-2014-4670 4.6
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications i
06-01-2017 - 22:00 10-07-2014 - 07:06
CVE-2014-4049 5.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns
06-01-2017 - 22:00 18-06-2014 - 15:55
CVE-2014-3981 3.3
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
06-01-2017 - 22:00 08-06-2014 - 14:55
CVE-2014-3597 6.8
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS re
06-01-2017 - 22:00 22-08-2014 - 21:55
CVE-2014-3469 4.3
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3468 6.8
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3467 4.3
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3177 10.0
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3176 10.0
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3175 10.0
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType an
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3174 5.0
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote a
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3173 5.0
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3172 6.4
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an ex
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3171 7.5
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operation
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3170 6.4
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3169 7.5
Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3168 7.5
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated wi
06-01-2017 - 21:59 26-08-2014 - 21:55
CVE-2014-3167 7.5
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 13-08-2014 - 00:57
CVE-2014-3166 5.0
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtai
06-01-2017 - 21:59 13-08-2014 - 00:57
CVE-2014-3165 7.5
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have u
06-01-2017 - 21:59 13-08-2014 - 00:57
CVE-2014-3162 5.0
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-3160 6.8
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-3157 7.5
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impac
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3156 7.5
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/r
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3155 5.0
net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3154 7.5
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other im
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-2497 4.3
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
06-01-2017 - 21:59 21-03-2014 - 10:55
CVE-2014-1749 7.5
Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1748 5.0
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1747 4.3
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1746 5.0
The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds rea
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1745 7.5
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGF
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1744 7.5
Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have un
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1743 7.5
Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly
06-01-2017 - 21:59 21-05-2014 - 07:14
CVE-2014-1742 7.5
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecifie
06-01-2017 - 21:59 14-05-2014 - 07:13
CVE-2014-1741 7.5
Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or p
06-01-2017 - 21:59 14-05-2014 - 07:13
CVE-2014-1740 7.5
Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vector
06-01-2017 - 21:59 14-05-2014 - 07:13
CVE-2014-1735 7.5
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via u
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1734 7.5
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1733 7.5
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandb
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1732 7.5
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unsp
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1731 7.5
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote at
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1730 7.8
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging
06-01-2017 - 21:59 26-04-2014 - 06:55
CVE-2014-1729 7.5
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1728 7.5
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1727 7.5
Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1726 4.3
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1725 5.0
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of s
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1724 7.5
Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a tex
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1723 7.5
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via cra
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1722 7.5
Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibl
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1721 7.5
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1720 7.5
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified oth
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1719 7.5
Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1718 7.5
Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1717 7.5
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other
06-01-2017 - 21:59 09-04-2014 - 06:57
CVE-2014-1716 7.5
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Univ
06-01-2017 - 21:59 09-04-2014 - 06:56
CVE-2014-1715 7.5
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1714 7.5
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remo
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1713 7.5
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers t
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1705 7.5
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1704 10.0
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1703 7.5
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to byp
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1702 7.5
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1701 4.3
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote att
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1700 7.5
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling
06-01-2017 - 21:59 16-03-2014 - 10:06
CVE-2014-1402 4.4
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
06-01-2017 - 21:59 19-05-2014 - 10:55
CVE-2014-0538 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK befo
06-01-2017 - 21:59 12-08-2014 - 18:55
CVE-2014-0238 5.0
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero len
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0237 5.0
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0185 7.2
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
06-01-2017 - 21:59 06-05-2014 - 06:44
CVE-2014-0098 5.0
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handl
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2014-0064 6.5
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact an
06-01-2017 - 21:59 31-03-2014 - 10:58
CVE-2014-0063 6.5
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrar
06-01-2017 - 21:59 31-03-2014 - 10:58
CVE-2014-0062 4.9
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthori
06-01-2017 - 21:59 31-03-2014 - 10:58
CVE-2014-0061 6.5
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1
06-01-2017 - 21:59 31-03-2014 - 10:58
CVE-2014-0060 4.0
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary user
06-01-2017 - 21:59 31-03-2014 - 10:58
CVE-2013-6438 5.0
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) v
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2014-0065 6.5
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than
30-12-2016 - 21:59 31-03-2014 - 10:58
CVE-2013-2110 5.0
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp
30-12-2016 - 21:59 21-06-2013 - 16:55
CVE-2014-2913 7.5
** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this iss
21-12-2016 - 21:59 07-05-2014 - 06:55
CVE-2014-0066 4.0
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to
07-12-2016 - 22:04 31-03-2014 - 10:58
CVE-2014-0222 7.5
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
06-12-2016 - 22:00 04-11-2014 - 16:55
CVE-2014-0475 6.8
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG
28-11-2016 - 14:10 29-07-2014 - 10:55
CVE-2014-0223 4.6
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read
28-11-2016 - 14:10 04-11-2014 - 16:55
CVE-2013-6420 7.5
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
28-11-2016 - 14:09 16-12-2013 - 23:46
CVE-2013-4248 4.3
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-
28-11-2016 - 14:09 17-08-2013 - 22:52
CVE-2014-5120 6.4
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1)
25-10-2016 - 22:00 22-08-2014 - 21:55
CVE-2014-3158 7.5
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] se
24-10-2016 - 21:59 15-11-2014 - 16:59
CVE-2013-7327 6.8
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments t
21-09-2016 - 11:35 18-02-2014 - 06:55
CVE-2014-5270 2.1
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the
07-09-2016 - 13:55 09-10-2014 - 21:55
CVE-2012-6153 4.3
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man
22-08-2016 - 22:06 04-09-2014 - 13:55
CVE-2013-6712 5.0
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte
07-04-2016 - 17:05 27-11-2013 - 23:37
CVE-2014-0012 4.4
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix
14-12-2015 - 18:07 19-05-2014 - 10:55
CVE-2014-5449 2.1
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
17-11-2015 - 12:51 20-10-2014 - 11:55
CVE-2014-5448 2.1
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
17-11-2015 - 12:51 20-10-2014 - 11:55
CVE-2014-5447 2.1
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2
17-11-2015 - 11:28 20-10-2014 - 11:55
CVE-2014-2270 4.3
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
18-11-2014 - 22:00 14-03-2014 - 11:55
CVE-2014-1943 5.0
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
18-11-2014 - 22:00 18-02-2014 - 14:55
CVE-2013-7345 5.0
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a cra
18-11-2014 - 21:59 24-03-2014 - 12:31
CVE-2014-2894 7.2
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
13-11-2014 - 22:03 23-04-2014 - 11:55
CVE-2014-3461 6.8
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
05-11-2014 - 13:50 04-11-2014 - 16:55
CVE-2014-2669 6.5
Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hst
20-05-2014 - 00:13 31-03-2014 - 10:58
CVE-2014-0150 4.9
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
10-05-2014 - 00:01 18-04-2014 - 10:55
CVE-2013-4544 4.9
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these detai
09-05-2014 - 10:07 08-05-2014 - 10:29
CVE-2013-7226 6.8
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dim
13-03-2014 - 21:17 18-02-2014 - 06:55
CVE-2013-6425 5.0
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
05-03-2014 - 23:49 18-01-2014 - 14:55
CVE-2013-4377 2.3
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
05-03-2014 - 23:47 11-10-2013 - 18:55
CVE-2013-4113 6.8
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the
05-03-2014 - 23:47 13-07-2013 - 09:10
CVE-2013-1643 5.0
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-1635 7.5
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggeri
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-2142 3.3
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pe
21-01-2014 - 15:54 19-01-2014 - 13:02
CVE-2013-1900 8.5
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat
03-01-2014 - 23:46 04-04-2013 - 13:55
CVE-2013-0255 6.8
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments
03-01-2014 - 23:44 12-02-2013 - 20:55
CVE-2013-1362 7.5
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
13-12-2013 - 00:13 09-07-2013 - 13:55
CVE-2013-1901 4.0
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
30-11-2013 - 23:27 04-04-2013 - 13:55
CVE-2013-1899 6.5
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration setti
30-11-2013 - 23:27 04-04-2013 - 13:55
CVE-2013-1824 4.3
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity
18-09-2013 - 13:01 16-09-2013 - 09:02
CVE-2013-4635 5.0
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish
11-09-2013 - 23:36 21-06-2013 - 17:55
CVE-2011-4718 6.8
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
13-08-2013 - 14:32 13-08-2013 - 11:04
CVE-2013-4636 4.3
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type
24-06-2013 - 18:37 21-06-2013 - 17:55
CVE-2013-3735 5.0
** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application cras
03-06-2013 - 00:00 31-05-2013 - 17:55
CVE-2007-6227 7.2
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as dem
20-12-2008 - 01:47 04-12-2007 - 13:46
Back to Top Mark selected
Back to Top