Total
166 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-7926 | 6 Canonical, Google, Icu-project and 3 more | 10 Ubuntu Linux, Chrome, International Components For Unicode and 7 more | 2024-11-21 | N/A |
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. | ||||
CVE-2014-7923 | 6 Canonical, Google, Icu-project and 3 more | 10 Ubuntu Linux, Chrome, International Components For Unicode and 7 more | 2024-11-21 | N/A |
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. | ||||
CVE-2014-7902 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2014-7843 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. | ||||
CVE-2014-6386 | 1 Juniper | 1 Junos | 2024-11-21 | N/A |
Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix. | ||||
CVE-2014-6383 | 1 Juniper | 1 Junos | 2024-11-21 | N/A |
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. | ||||
CVE-2014-6092 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | N/A |
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name. | ||||
CVE-2014-5426 | 1 Matrikonopc | 1 Dnp3 Opc Server | 2024-11-21 | N/A |
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. | ||||
CVE-2014-5277 | 1 Docker | 2 Docker, Docker-py | 2024-11-21 | N/A |
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
CVE-2014-4498 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. | ||||
CVE-2014-4467 | 1 Apple | 1 Iphone Os | 2024-11-21 | N/A |
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. | ||||
CVE-2014-3637 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2024-11-21 | N/A |
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. | ||||
CVE-2014-3500 | 1 Apache | 1 Cordova | 2024-11-21 | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | ||||
CVE-2014-3248 | 2 Puppet, Puppetlabs | 6 Facter, Hiera, Marionette Collective and 3 more | 2024-11-21 | N/A |
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | ||||
CVE-2014-2683 | 1 Zend | 10 Zend Framework, Zendopenid, Zendrest and 7 more | 2024-11-21 | N/A |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. | ||||
CVE-2013-7424 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-11-21 | N/A |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. | ||||
CVE-2013-7423 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Glibc, Opensuse and 4 more | 2024-11-21 | N/A |
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | ||||
CVE-2013-6497 | 1 Clamav | 1 Clamav | 2024-11-21 | N/A |
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | ||||
CVE-2013-6494 | 2 Fedoraproject, Fedup Project | 2 Fedora, Fedup | 2024-11-21 | N/A |
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). | ||||
CVE-2013-3646 | 1 Cybozu | 1 Cybozu Live | 2024-11-21 | N/A |
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression. |