Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-5118 2.1
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
18-11-2019 - 23:15 18-11-2019 - 23:15
CVE-2014-0249 3.3
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
22-04-2019 - 17:48 11-06-2014 - 14:55
CVE-2015-0236 3.5
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interf
30-10-2018 - 16:27 29-01-2015 - 15:59
CVE-2014-9273 4.6
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
30-10-2018 - 16:27 08-12-2014 - 16:59
CVE-2014-3693 7.5
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP p
30-10-2018 - 16:27 07-11-2014 - 19:55
CVE-2014-8121 5.0
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by perfor
17-10-2018 - 19:01 27-03-2015 - 14:59
CVE-2012-6662 4.3
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope
14-07-2018 - 01:29 24-11-2014 - 16:59
CVE-2014-1545 10.0
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Per: http://cwe.mitre.org/data/defini
28-12-2017 - 02:29 11-06-2014 - 10:57
CVE-2014-9278 4.0
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass in
08-09-2017 - 01:29 06-12-2014 - 15:59
CVE-2014-8106 4.6
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for
08-09-2017 - 01:29 08-12-2014 - 16:59
CVE-2014-3581 5.0
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP
29-08-2017 - 01:34 10-10-2014 - 10:55
CVE-2014-8964 5.0
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
01-07-2017 - 01:29 16-12-2014 - 18:59
CVE-2014-0172 6.8
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
01-07-2017 - 01:29 11-04-2014 - 15:55
CVE-2014-5031 5.0
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
07-01-2017 - 03:00 29-07-2014 - 14:55
CVE-2014-4039 2.1
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var
07-01-2017 - 03:00 17-06-2014 - 15:55
CVE-2015-0836 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
24-12-2016 - 02:59 25-02-2015 - 11:59
CVE-2014-9423 5.0
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attacker
28-11-2016 - 19:13 19-02-2015 - 11:59
CVE-2014-7300 7.2
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstati
31-08-2016 - 15:08 25-12-2014 - 21:59
CVE-2014-0189 2.1
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
26-08-2016 - 12:02 02-05-2014 - 14:55
CVE-2014-8112 4.0
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re
30-06-2016 - 16:55 10-03-2015 - 14:59
CVE-2014-8105 5.0
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
30-06-2016 - 16:53 10-03-2015 - 14:59
CVE-2015-0274 7.2
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges
27-03-2015 - 01:59 16-03-2015 - 10:59
CVE-2014-4040 5.0
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain
12-03-2015 - 01:59 17-06-2014 - 15:55
Back to Top Mark selected
Back to Top