Lucene search

K

26 matches found

CVE
CVE
added 2014/07/20 11:12 a.m.2036 views

CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard h...

6.8CVSS7AI score0.90647EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.1321 views

CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size...

4.3CVSS6.3AI score0.45051EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.355 views

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related ...

7.5CVSS8AI score0.40711EPSS
CVE
CVE
added 2014/07/06 11:55 p.m.323 views

CVE-2014-4721

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from pr...

2.6CVSS8.1AI score0.03945EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.260 views

CVE-2014-3479

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CD...

4.3CVSS8.9AI score0.04474EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.248 views

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

4.3CVSS8.9AI score0.1675EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.244 views

CVE-2014-3480

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3CVSS8.9AI score0.09239EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.236 views

CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3CVSS8.8AI score0.11794EPSS
CVE
CVE
added 2014/07/03 2:55 p.m.230 views

CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incom...

5CVSS9.1AI score0.0616EPSS
CVE
CVE
added 2014/07/17 5:10 a.m.131 views

CVE-2014-2483

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is fr...

9.3CVSS5.2AI score0.07952EPSS
CVE
CVE
added 2014/07/17 11:17 a.m.124 views

CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

6.5CVSS6.1AI score0.00733EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.120 views

CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS8.8AI score0.07306EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.110 views

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

6.9CVSS6.3AI score0.01034EPSS
CVE
CVE
added 2014/07/17 5:10 a.m.108 views

CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

4CVSS6.1AI score0.00804EPSS
CVE
CVE
added 2014/07/17 11:17 a.m.107 views

CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

5.5CVSS6AI score0.00558EPSS
CVE
CVE
added 2014/07/09 11:7 a.m.107 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double f...

6.9CVSS6.1AI score0.01001EPSS
CVE
CVE
added 2014/07/17 5:10 a.m.94 views

CVE-2014-2490

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

9.3CVSS5.5AI score0.07313EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.92 views

CVE-2014-4667

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

5CVSS5.2AI score0.14138EPSS
CVE
CVE
added 2014/07/17 5:10 a.m.91 views

CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

4CVSS6.1AI score0.00502EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.88 views

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS6.3AI score0.1261EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.81 views

CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

2.1CVSS5.8AI score0.00081EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.76 views

CVE-2014-1557

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolon...

9.3CVSS9.6AI score0.01507EPSS
CVE
CVE
added 2014/07/19 7:55 p.m.76 views

CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before ...

2.1CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.71 views

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

6.8CVSS5.9AI score0.00571EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.65 views

CVE-2014-3162

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

5CVSS6.8AI score0.00436EPSS
CVE
CVE
added 2014/07/22 2:55 p.m.53 views

CVE-2014-4911

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

5CVSS6.3AI score0.00535EPSS