Search Results (23546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3518 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more 2025-04-12 N/A
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-3530 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more 2025-04-12 N/A
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2014-3534 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2025-04-12 N/A
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
CVE-2014-3538 4 Christos Zoulas, Debian, Php and 1 more 5 File, Debian Linux, Php and 2 more 2025-04-12 N/A
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
CVE-2014-3559 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
CVE-2014-3562 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2025-04-12 N/A
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-3565 4 Apple, Canonical, Net-snmp and 1 more 4 Mac Os X, Ubuntu Linux, Net-snmp and 1 more 2025-04-12 N/A
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
CVE-2014-3570 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-12 N/A
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
CVE-2014-3573 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-12 N/A
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
CVE-2014-3574 2 Apache, Redhat 6 Poi, Jboss Bpms, Jboss Brms and 3 more 2025-04-12 N/A
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CVE-2014-3575 3 Apache, Libreoffice, Redhat 6 Openoffice, Libreoffice, Enterprise Linux and 3 more 2025-04-12 N/A
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-3577 2 Apache, Redhat 18 Httpasyncclient, Httpclient, Enterprise Linux and 15 more 2025-04-12 N/A
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
CVE-2014-3580 4 Apache, Apple, Debian and 1 more 9 Subversion, Xcode, Debian Linux and 6 more 2025-04-12 N/A
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
CVE-2014-3587 3 Christos Zoulas, Php, Redhat 4 File, Php, Enterprise Linux and 1 more 2025-04-12 N/A
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
CVE-2014-3595 2 Redhat, Suse 7 Network Satellite, Satellite, Satellite With Embedded Oracle and 4 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
CVE-2014-3597 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
CVE-2014-3601 5 Canonical, Linux, Opensuse and 2 more 7 Ubuntu Linux, Linux Kernel, Evergreen and 4 more 2025-04-12 N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2014-3610 6 Canonical, Debian, Linux and 3 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 5.5 Medium
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
CVE-2014-3613 3 Apple, Haxx, Redhat 4 Mac Os X, Curl, Libcurl and 1 more 2025-04-12 N/A
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
CVE-2014-3619 3 Gluster, Opensuse, Redhat 4 Glusterfs, Opensuse, Rhel Common and 1 more 2025-04-12 N/A
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.