Max CVSS 10.0 Min CVSS 1.7 Total Count62
IDCVSSSummaryLast (major) updatePublished
CVE-2014-7188 8.3
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other gues
09-04-2017 - 21:59 02-10-2014 - 10:55
CVE-2014-2706 7.1
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related
07-04-2017 - 21:59 14-04-2014 - 19:55
CVE-2014-1739 1.7
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/med
07-04-2017 - 21:59 23-06-2014 - 07:21
CVE-2014-5472 4.0
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
06-01-2017 - 22:00 31-08-2014 - 21:55
CVE-2014-5471 4.0
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted i
06-01-2017 - 22:00 31-08-2014 - 21:55
CVE-2014-5077 5.4
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an assoc
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-4943 6.9
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
06-01-2017 - 22:00 19-07-2014 - 15:55
CVE-2014-4667 5.0
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
06-01-2017 - 22:00 03-07-2014 - 00:22
CVE-2014-4508 4.7
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscal
06-01-2017 - 22:00 23-06-2014 - 07:21
CVE-2014-4171 4.7
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hol
06-01-2017 - 22:00 23-06-2014 - 07:21
CVE-2014-4027 2.3
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveragin
06-01-2017 - 22:00 23-06-2014 - 07:21
CVE-2014-4021 2.7
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
06-01-2017 - 22:00 18-06-2014 - 15:55
CVE-2014-3153 7.2
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe wai
06-01-2017 - 21:59 07-06-2014 - 10:55
CVE-2014-2653 5.8
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
06-01-2017 - 21:59 27-03-2014 - 06:55
CVE-2014-2599 4.9
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests
06-01-2017 - 21:59 28-03-2014 - 11:55
CVE-2014-2532 5.8
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2014-7156 3.3
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of servi
02-01-2017 - 21:59 02-10-2014 - 10:55
CVE-2014-7155 5.8
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges
02-01-2017 - 21:59 02-10-2014 - 10:55
CVE-2014-7154 6.1
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
02-01-2017 - 21:59 02-10-2014 - 10:55
CVE-2014-6558 2.6
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
02-01-2017 - 21:59 15-10-2014 - 18:55
CVE-2014-6517 5.0
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.
02-01-2017 - 21:59 15-10-2014 - 18:55
CVE-2014-6512 4.3
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
02-01-2017 - 21:59 15-10-2014 - 18:55
CVE-2014-6468 6.8
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
02-01-2017 - 21:59 15-10-2014 - 11:55
CVE-2014-6457 4.0
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
02-01-2017 - 21:59 15-10-2014 - 11:55
CVE-2014-3968 5.5
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
21-12-2016 - 21:59 05-06-2014 - 16:55
CVE-2014-3967 5.5
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecif
21-12-2016 - 21:59 05-06-2014 - 16:55
CVE-2014-3660 5.0
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
07-12-2016 - 22:05 04-11-2014 - 11:55
CVE-2014-1573 4.3
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-sit
28-11-2016 - 14:10 12-10-2014 - 21:55
CVE-2014-1572 5.0
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for th
28-11-2016 - 14:10 12-10-2014 - 21:55
CVE-2014-6511 5.0
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
24-10-2016 - 21:59 15-10-2014 - 18:55
CVE-2014-3634 7.5
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an
17-10-2016 - 23:44 01-11-2014 - 20:55
CVE-2014-6410 4.7
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UD
22-08-2016 - 22:08 28-09-2014 - 06:55
CVE-2014-3686 6.8
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
26-07-2016 - 21:59 15-10-2014 - 20:55
CVE-2014-1571 4.0
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient,
07-04-2016 - 16:57 12-10-2014 - 21:55
CVE-2013-4344 6.0
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
20-11-2015 - 10:58 04-10-2013 - 13:55
CVE-2013-4540 7.5
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
20-11-2015 - 10:50 04-11-2014 - 16:55
CVE-2014-8326 3.5
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) t
06-08-2015 - 12:37 05-11-2014 - 06:55
CVE-2014-6531 4.3
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
17-03-2015 - 22:02 15-10-2014 - 18:55
CVE-2014-6506 6.8
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
17-03-2015 - 22:02 15-10-2014 - 18:55
CVE-2014-6502 2.6
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
17-03-2015 - 22:02 15-10-2014 - 18:55
CVE-2014-6527 2.6
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
16-03-2015 - 22:00 15-10-2014 - 18:55
CVE-2014-6513 10.0
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
16-03-2015 - 22:00 15-10-2014 - 18:55
CVE-2014-6562 9.3
Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
20-02-2015 - 22:01 15-10-2014 - 18:55
CVE-2014-6519 5.0
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.
20-02-2015 - 22:00 15-10-2014 - 18:55
CVE-2014-6504 5.0
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.
20-02-2015 - 22:00 15-10-2014 - 18:55
CVE-2014-7275 5.8
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
21-12-2014 - 23:10 07-10-2014 - 21:55
CVE-2014-7274 5.8
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obt
21-12-2014 - 23:09 07-10-2014 - 21:55
CVE-2014-7273 6.8
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
19-12-2014 - 14:14 07-10-2014 - 21:55
CVE-2013-1979 6.9
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
06-12-2014 - 21:59 03-05-2013 - 07:57
CVE-2014-6432 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6431 5.0
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6430 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application c
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6429 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (ap
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6428 5.0
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6427 5.0
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6426 5.0
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6425 5.0
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6424 5.0
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a den
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6423 5.0
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6422 5.0
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6421 5.0
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissector
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2012-0698 5.0
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.
17-08-2013 - 02:41 26-11-2012 - 07:45
Back to Top Mark selected
Back to Top