Max CVSS 10.0 Min CVSS 1.2 Total Count87
IDCVSSSummaryLast (major) updatePublished
CVE-2014-3471 2.1
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2014-3430 5.0
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an I
06-01-2017 - 21:59 14-05-2014 - 15:55
CVE-2014-2440 5.1
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2436 6.0
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2431 2.6
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2430 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-9029 7.5
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based bu
02-01-2017 - 21:59 08-12-2014 - 11:59
CVE-2014-8730 4.3
The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.
02-01-2017 - 21:59 09-12-2014 - 19:59
CVE-2014-8500 7.8
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referra
02-01-2017 - 21:59 10-12-2014 - 21:59
CVE-2014-8090 5.0
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string
02-01-2017 - 21:59 21-11-2014 - 10:59
CVE-2014-8080 5.0
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
02-01-2017 - 21:59 03-11-2014 - 11:55
CVE-2014-7841 5.0
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malf
02-01-2017 - 21:59 29-11-2014 - 20:59
CVE-2014-7823 5.0
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
02-01-2017 - 21:59 13-11-2014 - 16:32
CVE-2014-3615 2.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
02-01-2017 - 21:59 01-11-2014 - 19:55
CVE-2014-8583 6.9
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
30-12-2016 - 21:59 16-12-2014 - 13:59
CVE-2014-1594 6.8
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicConta
23-12-2016 - 21:59 11-12-2014 - 06:59
CVE-2014-1593 6.8
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted m
23-12-2016 - 21:59 11-12-2014 - 06:59
CVE-2014-1592 6.8
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding
23-12-2016 - 21:59 11-12-2014 - 06:59
CVE-2014-1590 4.3
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScrip
23-12-2016 - 21:59 11-12-2014 - 06:59
CVE-2014-1587 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and app
23-12-2016 - 21:59 11-12-2014 - 06:59
CVE-2014-6363 9.3
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScri
09-12-2016 - 13:20 10-12-2014 - 19:59
CVE-2014-7815 5.0
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
07-12-2016 - 22:06 14-11-2014 - 10:59
CVE-2014-8602 4.3
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
28-11-2016 - 14:13 10-12-2014 - 21:59
CVE-2014-9028 7.5
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
25-10-2016 - 22:00 26-11-2014 - 10:59
CVE-2014-8962 7.5
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
25-10-2016 - 22:00 26-11-2014 - 10:59
CVE-2014-3640 2.1
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized s
31-08-2016 - 10:53 07-11-2014 - 14:55
CVE-2014-8104 6.8
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
29-08-2016 - 14:46 03-12-2014 - 13:59
CVE-2014-9157 7.5
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
01-06-2016 - 22:35 03-12-2014 - 16:59
CVE-2014-6369 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
02-11-2015 - 13:17 10-12-2014 - 19:59
CVE-2014-9090 4.9
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a mo
03-06-2015 - 22:01 29-11-2014 - 20:59
CVE-2014-8369 4.6
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or p
03-06-2015 - 22:01 10-11-2014 - 06:55
CVE-2014-8884 6.1
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privilege
13-04-2015 - 21:59 29-11-2014 - 20:59
CVE-2013-6456 5.8
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virD
02-01-2015 - 21:22 15-04-2014 - 19:55
CVE-2013-6457 5.2
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibl
02-01-2015 - 21:21 24-01-2014 - 13:55
CVE-2013-6458 6.8
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote rea
02-01-2015 - 21:19 24-01-2014 - 13:55
CVE-2013-7336 1.9
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and li
02-01-2015 - 21:18 07-05-2014 - 06:55
CVE-2014-0028 4.3
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2)
02-01-2015 - 21:08 24-01-2014 - 13:55
CVE-2014-1447 3.3
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
02-01-2015 - 20:44 24-01-2014 - 13:55
CVE-2014-3633 5.8
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via
02-01-2015 - 20:37 06-10-2014 - 10:55
CVE-2013-6436 2.1
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference
02-01-2015 - 20:03 07-01-2014 - 14:55
CVE-2013-5651 5.0
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
02-01-2015 - 20:01 30-09-2013 - 17:55
CVE-2013-4400 7.2
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
02-01-2015 - 11:31 09-12-2013 - 11:36
CVE-2013-4401 8.5
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted X
02-01-2015 - 11:30 02-11-2013 - 14:55
CVE-2013-4297 4.0
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
02-01-2015 - 11:25 30-09-2013 - 17:55
CVE-2013-4296 4.0
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized po
02-01-2015 - 11:24 30-09-2013 - 17:55
CVE-2013-4292 2.1
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
02-01-2015 - 11:23 30-09-2013 - 17:55
CVE-2014-5177 1.2
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the
23-12-2014 - 22:00 03-08-2014 - 14:55
CVE-2014-0179 1.9
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompa
23-12-2014 - 21:59 03-08-2014 - 14:55
CVE-2014-7275 5.8
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
21-12-2014 - 23:10 07-10-2014 - 21:55
CVE-2014-7274 5.8
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obt
21-12-2014 - 23:09 07-10-2014 - 21:55
CVE-2014-7273 6.8
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.
19-12-2014 - 14:14 07-10-2014 - 21:55
CVE-2014-9018 5.0
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
17-12-2014 - 11:06 03-12-2014 - 13:59
CVE-2014-6408 5.0
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
15-12-2014 - 14:36 12-12-2014 - 10:59
CVE-2014-6407 7.5
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
15-12-2014 - 14:36 12-12-2014 - 10:59
CVE-2013-4399 4.3
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) b
15-12-2014 - 14:10 12-12-2014 - 10:59
CVE-2014-0587 10.0
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a d
11-12-2014 - 22:41 10-12-2014 - 16:59
CVE-2014-6364 9.3
Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vul
11-12-2014 - 22:23 10-12-2014 - 19:59
CVE-2014-6361 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execut
11-12-2014 - 22:12 10-12-2014 - 19:59
CVE-2014-6360 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
11-12-2014 - 22:06 10-12-2014 - 19:59
CVE-2014-6356 9.3
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."
11-12-2014 - 22:05 10-12-2014 - 19:59
CVE-2014-6355 5.0
The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG ima
11-12-2014 - 22:04 10-12-2014 - 19:59
CVE-2014-9164 10.0
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a d
11-12-2014 - 20:44 10-12-2014 - 16:59
CVE-2014-9163 10.0
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild
11-12-2014 - 20:43 10-12-2014 - 16:59
CVE-2014-9162 10.0
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors.
11-12-2014 - 20:42 10-12-2014 - 16:59
CVE-2014-8443 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors.
11-12-2014 - 19:39 10-12-2014 - 16:59
CVE-2014-0580 10.0
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
11-12-2014 - 15:09 10-12-2014 - 16:59
CVE-2014-6357 9.3
Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold an
11-12-2014 - 14:32 10-12-2014 - 19:59
CVE-2014-6366 9.3
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 14:30 10-12-2014 - 19:59
CVE-2014-6330 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 14:22 10-12-2014 - 19:59
CVE-2014-6374 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 14:21 10-12-2014 - 19:59
CVE-2014-6329 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
11-12-2014 - 14:18 10-12-2014 - 19:59
CVE-2014-6327 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
11-12-2014 - 14:02 10-12-2014 - 19:59
CVE-2014-9091 4.6
Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.
11-12-2014 - 13:24 10-12-2014 - 10:59
CVE-2014-8966 9.3
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 13:13 10-12-2014 - 19:59
CVE-2014-6376 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
11-12-2014 - 13:11 10-12-2014 - 19:59
CVE-2014-6375 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 13:09 10-12-2014 - 19:59
CVE-2014-6373 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11-12-2014 - 13:09 10-12-2014 - 19:59
CVE-2014-6368 4.3
Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
11-12-2014 - 12:56 10-12-2014 - 19:59
CVE-2014-6365 4.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328
11-12-2014 - 12:54 10-12-2014 - 19:59
CVE-2014-6336 3.5
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unsp
11-12-2014 - 12:46 10-12-2014 - 19:59
CVE-2014-6326 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2
11-12-2014 - 12:42 10-12-2014 - 19:59
CVE-2014-6328 5.0
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365
11-12-2014 - 12:41 10-12-2014 - 19:59
CVE-2014-6325 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2
11-12-2014 - 12:34 10-12-2014 - 19:59
CVE-2014-6319 5.0
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, a
11-12-2014 - 12:34 10-12-2014 - 19:59
CVE-2014-5263 6.8
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain p
18-11-2014 - 22:02 26-08-2014 - 10:55
CVE-2014-5388 4.6
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corr
17-11-2014 - 10:29 15-11-2014 - 16:59
CVE-2013-1923 3.2
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
22-01-2014 - 16:13 21-01-2014 - 13:55
Back to Top Mark selected
Back to Top