Max CVSS 10.0 Min CVSS 2.1 Total Count103
IDCVSSSummaryLast (major) updatePublished
CVE-2013-4578 5.0
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
29-12-2017 - 17:29 29-12-2017 - 17:29
CVE-2014-0591 2.6
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemo
06-01-2017 - 21:59 13-01-2014 - 23:29
CVE-2014-0497 10.0
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
06-01-2017 - 21:59 05-02-2014 - 00:15
CVE-2014-0423 5.5
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0416 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0411 4.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous inf
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0368 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2013-6450 5.8
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a differe
06-01-2017 - 21:59 01-01-2014 - 11:05
CVE-2013-6449 4.3
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 cl
06-01-2017 - 21:59 23-12-2013 - 17:55
CVE-2013-4353 4.3
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
06-01-2017 - 21:59 08-01-2014 - 20:55
CVE-2014-1491 5.0
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellma
30-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1490 5.0
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to ca
30-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2013-6030 5.0
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc
30-12-2016 - 21:59 23-01-2014 - 23:38
CVE-2013-4514 4.7
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long
30-12-2016 - 21:59 12-11-2013 - 09:35
CVE-2014-1489 4.3
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1488 10.0
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1487 5.0
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information v
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1486 10.0
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unsp
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1485 7.5
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute a
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1483 4.3
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPosi
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1482 10.0
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of s
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1481 5.0
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across differe
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1480 4.3
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1479 5.0
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intende
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1478 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1477 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and app
21-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2013-4396 6.5
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a cra
28-11-2016 - 14:09 10-10-2013 - 06:55
CVE-2013-2067 6.8
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
28-11-2016 - 14:09 01-06-2013 - 10:21
CVE-2014-1484 5.0
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
15-11-2016 - 14:45 06-02-2014 - 00:44
CVE-2014-0428 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is f
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0424 7.5
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0422 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is fr
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0417 9.3
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0415 10.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0410 10.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0403 5.8
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0387 7.6
Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0376 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0375 5.8
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0373 7.5
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from t
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5910 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5907 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. N
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5899 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5898 4.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5896 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5893 9.3
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is fro
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5889 9.3
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5888 4.6
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5887 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5884 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Ora
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5878 7.5
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2014-0678 5.5
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
09-09-2016 - 10:38 25-01-2014 - 17:55
CVE-2013-6393 6.8
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML docum
04-08-2016 - 14:25 06-02-2014 - 17:55
CVE-2013-4345 5.8
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, l
31-03-2016 - 13:30 10-10-2013 - 06:55
CVE-2013-6054 7.5
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
27-07-2015 - 12:11 12-12-2013 - 13:55
CVE-2013-6045 7.5
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
27-07-2015 - 12:10 12-12-2013 - 13:55
CVE-2013-4483 4.9
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
17-03-2015 - 21:59 04-11-2013 - 10:55
CVE-2013-6424 5.0
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
16-03-2015 - 21:59 18-01-2014 - 14:55
CVE-2012-3544 5.0
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
11-12-2014 - 21:59 01-06-2013 - 10:21
CVE-2013-6378 4.4
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
17-07-2014 - 01:01 26-11-2013 - 23:43
CVE-2013-7130 7.1
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attacke
21-06-2014 - 00:37 06-02-2014 - 12:00
CVE-2013-0345 2.1
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third
08-05-2014 - 10:49 08-05-2014 - 10:29
CVE-2012-6619 6.4
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which
06-05-2014 - 23:45 06-03-2014 - 10:55
CVE-2013-6052 5.0
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
05-05-2014 - 01:29 12-12-2013 - 13:55
CVE-2013-4484 5.0
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
05-05-2014 - 01:26 31-10-2013 - 22:55
CVE-2013-1447 5.0
OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.
05-05-2014 - 01:20 12-12-2013 - 13:55
CVE-2013-6462 9.3
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character nam
19-04-2014 - 00:44 09-01-2014 - 13:55
CVE-2013-6383 6.9
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
26-03-2014 - 00:54 26-11-2013 - 23:43
CVE-2013-6368 6.2
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
26-03-2014 - 00:54 14-12-2013 - 13:08
CVE-2013-6367 5.7
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
26-03-2014 - 00:54 14-12-2013 - 13:08
CVE-2013-7271 4.9
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kerne
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7270 4.9
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information fr
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7269 4.9
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7268 4.9
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kerne
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7267 4.9
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7266 4.9
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive inf
16-03-2014 - 00:43 06-01-2014 - 11:55
CVE-2013-7027 6.1
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-r
16-03-2014 - 00:43 09-12-2013 - 13:55
CVE-2013-6380 4.7
The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have
16-03-2014 - 00:42 26-11-2013 - 23:43
CVE-2013-6376 5.2
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
16-03-2014 - 00:42 14-12-2013 - 13:08
CVE-2013-4587 7.2
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
16-03-2014 - 00:39 14-12-2013 - 13:08
CVE-2013-6425 5.0
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
05-03-2014 - 23:49 18-01-2014 - 14:55
CVE-2013-6359 4.3
Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
05-03-2014 - 23:49 13-12-2013 - 13:55
CVE-2013-6048 5.0
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
05-03-2014 - 23:49 13-12-2013 - 13:55
CVE-2013-4592 4.0
Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.
05-03-2014 - 23:47 20-11-2013 - 08:19
CVE-2013-4515 4.9
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_
05-03-2014 - 23:47 12-11-2013 - 09:35
CVE-2013-4511 6.9
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, r
05-03-2014 - 23:47 12-11-2013 - 09:35
CVE-2013-2930 3.6
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
05-03-2014 - 23:46 09-12-2013 - 13:55
CVE-2013-2071 2.6
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive req
05-03-2014 - 23:45 01-06-2013 - 10:21
CVE-2014-0978 9.3
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
21-02-2014 - 00:06 10-01-2014 - 12:55
CVE-2014-0027 3.3
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
21-02-2014 - 00:06 25-01-2014 - 20:55
CVE-2013-7299 5.0
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include heade
21-02-2014 - 00:06 26-01-2014 - 15:55
CVE-2014-1213 5.6
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protecti
11-02-2014 - 15:40 10-02-2014 - 18:55
CVE-2014-0419 5.1
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, an
06-02-2014 - 23:51 15-01-2014 - 11:08
CVE-2013-2146 4.7
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system cras
06-02-2014 - 23:46 07-06-2013 - 10:03
CVE-2013-4969 2.1
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
23-01-2014 - 23:36 07-01-2014 - 13:55
CVE-2013-4576 2.1
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis
23-01-2014 - 23:35 20-12-2013 - 16:55
CVE-2013-6412 4.6
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modif
23-01-2014 - 12:55 22-01-2014 - 19:55
CVE-2013-6955 10.0
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathna
10-01-2014 - 08:54 09-01-2014 - 13:07
CVE-2013-6987 7.5
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter t
02-01-2014 - 11:10 31-12-2013 - 11:04
CVE-2013-3705 4.9
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
23-12-2013 - 17:29 22-12-2013 - 10:16
CVE-2013-6051 4.3
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.
16-12-2013 - 15:41 14-12-2013 - 12:21
CVE-2011-0633 4.3
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by
25-05-2011 - 00:00 13-05-2011 - 18:55
CVE-2010-2253 6.8
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Dis
06-11-2010 - 01:37 06-07-2010 - 13:17
Back to Top Mark selected
Back to Top