Max CVSS 10.0 Min CVSS 1.2 Total Count421
IDCVSSSummaryLast (major) updatePublished
CVE-2014-8130 4.3
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteS
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2014-8129 6.8
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2014-1859 2.1
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
08-01-2018 - 14:29 08-01-2018 - 14:29
CVE-2014-1858 2.1
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
08-01-2018 - 14:29 08-01-2018 - 14:29
CVE-2014-4914 7.5
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
29-12-2017 - 09:29 29-12-2017 - 09:29
CVE-2014-9092 4.3
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
10-10-2017 - 09:29 10-10-2017 - 09:29
CVE-2014-9474 7.5
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.
09-10-2017 - 21:30 09-10-2017 - 21:30
CVE-2015-1395 7.8
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
25-08-2017 - 14:29 25-08-2017 - 14:29
CVE-2014-9637 7.1
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
25-08-2017 - 14:29 25-08-2017 - 14:29
CVE-2014-4616 4.3
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decod
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2014-8127 4.3
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tif
26-06-2017 - 11:29 26-06-2017 - 11:29
CVE-2014-8354 4.3
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2014-9680 2.1
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
04-05-2017 - 17:09 24-04-2017 - 02:59
CVE-2014-7926 7.5
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe
23-04-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-7923 7.5
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe
23-04-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-8355 4.3
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 14:18 11-04-2017 - 15:59
CVE-2014-8716 2.1
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
17-04-2017 - 09:00 11-04-2017 - 15:59
CVE-2014-8562 4.3
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 08:52 11-04-2017 - 15:59
CVE-2014-9114 7.2
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
05-04-2017 - 07:45 31-03-2017 - 12:59
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
23-03-2017 - 21:59 14-10-2014 - 20:55
CVE-2014-9645 2.1
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or
14-03-2017 - 08:52 12-03-2017 - 01:59
CVE-2014-4877 9.3
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two
16-02-2017 - 21:59 29-10-2014 - 06:55
CVE-2014-0050 7.5
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that b
16-02-2017 - 21:59 01-04-2014 - 02:27
CVE-2014-0016 4.3
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attacker
26-01-2017 - 15:00 24-03-2014 - 12:31
CVE-2010-5298 4.0
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via
26-01-2017 - 15:00 14-04-2014 - 18:38
CVE-2014-3470 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0224 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0198 4.3
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL
18-01-2017 - 21:59 06-05-2014 - 06:44
CVE-2014-0076 1.9
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
18-01-2017 - 21:59 25-03-2014 - 09:25
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-5461 5.0
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
06-01-2017 - 22:00 04-09-2014 - 13:55
CVE-2014-5119 7.5
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
06-01-2017 - 22:00 29-08-2014 - 12:55
CVE-2014-5031 5.0
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
06-01-2017 - 22:00 29-07-2014 - 10:55
CVE-2014-5030 1.9
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
06-01-2017 - 22:00 29-07-2014 - 10:55
CVE-2014-5029 1.5
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-
06-01-2017 - 22:00 29-07-2014 - 10:55
CVE-2014-4721 2.6
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent
06-01-2017 - 22:00 06-07-2014 - 19:55
CVE-2014-4698 4.6
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio
06-01-2017 - 22:00 10-07-2014 - 07:06
CVE-2014-4670 4.6
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications i
06-01-2017 - 22:00 10-07-2014 - 07:06
CVE-2014-4617 5.0
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte seq
06-01-2017 - 22:00 25-06-2014 - 07:19
CVE-2014-4260 5.5
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
06-01-2017 - 22:00 17-07-2014 - 07:17
CVE-2014-4258 6.5
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
06-01-2017 - 22:00 17-07-2014 - 07:17
CVE-2014-4243 2.8
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
06-01-2017 - 22:00 17-07-2014 - 07:17
CVE-2014-4207 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
06-01-2017 - 22:00 17-07-2014 - 01:10
CVE-2014-4049 5.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns
06-01-2017 - 22:00 18-06-2014 - 15:55
CVE-2014-3970 2.9
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
06-01-2017 - 22:00 11-06-2014 - 10:55
CVE-2014-3956 1.9
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom ma
06-01-2017 - 22:00 04-06-2014 - 07:19
CVE-2014-3609 5.0
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
06-01-2017 - 22:00 11-09-2014 - 14:55
CVE-2014-3597 6.8
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS re
06-01-2017 - 22:00 22-08-2014 - 21:55
CVE-2014-3589 5.0
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
06-01-2017 - 22:00 25-08-2014 - 10:55
CVE-2014-3587 4.3
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craf
06-01-2017 - 22:00 22-08-2014 - 21:55
CVE-2014-3538 5.0
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. N
06-01-2017 - 22:00 03-07-2014 - 10:55
CVE-2014-3537 1.2
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
06-01-2017 - 22:00 23-07-2014 - 10:55
CVE-2014-3528 4.0
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authenticat
06-01-2017 - 22:00 19-08-2014 - 14:55
CVE-2014-3522 4.0
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to
06-01-2017 - 22:00 19-08-2014 - 14:55
CVE-2014-3515 7.5
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that
06-01-2017 - 22:00 09-07-2014 - 07:07
CVE-2014-3504 4.0
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 cer
06-01-2017 - 22:00 19-08-2014 - 14:55
CVE-2014-3493 2.7
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
06-01-2017 - 22:00 23-06-2014 - 10:55
CVE-2014-3469 4.3
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3468 6.8
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3467 4.3
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3466 6.8
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code
06-01-2017 - 21:59 03-06-2014 - 10:55
CVE-2014-3430 5.0
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an I
06-01-2017 - 21:59 14-05-2014 - 15:55
CVE-2014-2653 5.8
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
06-01-2017 - 21:59 27-03-2014 - 06:55
CVE-2014-2532 5.8
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2014-2497 4.3
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
06-01-2017 - 21:59 21-03-2014 - 10:55
CVE-2014-2494 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
06-01-2017 - 21:59 17-07-2014 - 01:10
CVE-2014-2440 5.1
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2438 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2436 6.0
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2432 2.8
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2431 2.6
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2430 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2419 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-0459 4.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0437 3.5
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0420 2.8
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0412 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0401 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0384 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0244 3.3
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
06-01-2017 - 21:59 23-06-2014 - 10:55
CVE-2014-0238 5.0
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero len
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0237 5.0
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
06-01-2017 - 21:59 01-06-2014 - 00:29
CVE-2014-0231 5.0
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0221 4.3
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0211 7.5
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, wh
06-01-2017 - 21:59 15-05-2014 - 10:55
CVE-2014-0210 7.5