CVEs from 2014
- Total: 7,882
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 2.1%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0403 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0375 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0805 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attack… | |||
| CVE-2014-0804 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to … | |||
| CVE-2014-0803 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 a… | |||
| CVE-2014-0802 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create… | |||
| CVE-2014-1405 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-3321 | medium | — | 5.7 | 12y ago | Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a seri… | |||
| CVE-2014-3291 | medium | — | 5.7 | 12y ago | Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data … | |||
| CVE-2014-4364 | medium | 5.6 | 5.6 | 12y ago | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication… | |||
| CVE-2014-1213 | medium | — | 5.6 | 13y ago | Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whi… | |||
| CVE-2014-4978 | medium | 5.5 | 5.5 | 9y ago | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-gr… | |||
| CVE-2014-0219 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in Apache Karaf | |||
| CVE-2014-9637 | medium | 5.5 | 5.5 | 9y ago | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||
| CVE-2014-0146 | medium | 5.5 | 5.5 | 9y ago | The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an… | |||
| CVE-2014-0142 | medium | 5.5 | 5.5 | 9y ago | QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel… | |||
| CVE-2014-8180 | medium | 5.5 | 5.5 | 9y ago | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | |||
| CVE-2014-9951 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | |||
| CVE-2014-9947 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | |||
| CVE-2014-9983 | medium | 5.5 | 5.5 | 9y ago | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files v… | |||
| CVE-2014-8562 | medium | 5.5 | 5.5 | 9y ago | DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-8355 | medium | 5.5 | 5.5 | 9y ago | PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-9818 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. | |||
| CVE-2014-9816 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||
| CVE-2014-9815 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | |||
| CVE-2014-9814 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. | |||
| CVE-2014-9813 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | |||
| CVE-2014-9812 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. | |||
| CVE-2014-9811 | medium | 5.5 | 5.5 | 9y ago | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | |||
| CVE-2014-9810 | medium | 5.5 | 5.5 | 9y ago | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | |||
| CVE-2014-9809 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. | |||
| CVE-2014-9808 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | |||
| CVE-2014-9807 | medium | 5.5 | 5.5 | 9y ago | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |||
| CVE-2014-9806 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | |||
| CVE-2014-9805 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||
| CVE-2014-9915 | medium | 5.5 | 5.5 | 9y ago | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | |||
| CVE-2014-9840 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||
| CVE-2014-9838 | medium | 5.5 | 5.5 | 9y ago | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||
| CVE-2014-9836 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||
| CVE-2014-9845 | medium | 5.5 | 5.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | |||
| CVE-2014-9844 | medium | 5.5 | 5.5 | 9y ago | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||
| CVE-2014-9853 | medium | 5.5 | 5.5 | 9y ago | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||
| CVE-2014-9645 | medium | 5.5 | 5.5 | 9y ago | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demo… | |||
| CVE-2014-9900 | medium | 5.5 | 5.5 | 10y ago | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure,… | |||
| CVE-2014-9899 | medium | 5.5 | 5.5 | 10y ago | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensit… | |||
| CVE-2014-9898 | medium | 5.5 | 5.5 | 10y ago | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers … | |||
| CVE-2014-9897 | medium | 5.5 | 5.5 | 10y ago | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive… | |||
| CVE-2014-9896 | medium | 5.5 | 5.5 | 10y ago | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtai… | |||
| CVE-2014-9895 | medium | 5.5 | 5.5 | 10y ago | drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows … | |||
| CVE-2014-9894 | medium | 5.5 | 5.5 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to o… | |||
| CVE-2014-9893 | medium | 5.5 | 5.5 | 10y ago | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtai… | |||
| CVE-2014-9892 | medium | 5.5 | 5.5 | 10y ago | The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a ti… | |||
| CVE-2014-9798 | medium | 5.5 | 5.5 | 10y ago | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows atta… | |||
| CVE-2014-9903 | medium | 5.5 | 5.5 | 10y ago | The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memo… | |||
| CVE-2014-2332 | medium | — | 5.5 | 11y ago | Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOT… | |||
| CVE-2014-6129 | medium | — | 5.5 | 11y ago | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.… | |||
| CVE-2014-7882 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-6586 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2014-6576 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidenti… | |||
| CVE-2014-9493 | medium | — | 5.5 | 12y ago | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR… | |||
| CVE-2014-6122 | medium | — | 5.5 | 12y ago | IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows… | |||
| CVE-2014-9363 | medium | — | 5.5 | 12y ago | Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary we… | |||
| CVE-2014-7837 | medium | — | 5.5 | 12y ago | Moodle allows attackers to remove wiki pages | |||
| CVE-2014-9023 | medium | — | 5.5 | 12y ago | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tok… | |||
| CVE-2014-8559 | medium | 5.5 | 5.5 | 12y ago | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and syst… | |||
| CVE-2014-3690 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allow… | |||
| CVE-2014-3647 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a c… | |||
| CVE-2014-3646 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest O… | |||
| CVE-2014-3610 | medium | 5.5 | 5.5 | 12y ago | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows g… | |||
| CVE-2014-6032 | medium | — | 5.5 | 12y ago | Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.… | |||
| CVE-2014-6554 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknow… | |||
| CVE-2014-6489 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. | |||
| CVE-2014-7975 | medium | 5.5 | 5.5 | 12y ago | The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which all… | |||
| CVE-2014-7970 | medium | 5.5 | 5.5 | 12y ago | The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of… | |||
| CVE-2014-3399 | medium | — | 5.5 | 12y ago | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows… | |||
| CVE-2014-3521 | medium | — | 5.5 | 12y ago | The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. | |||
| CVE-2014-4373 | medium | 5.5 | 5.5 | 12y ago | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart… | |||
| CVE-2014-4806 | medium | 5.5 | 5.5 | 12y ago | The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux place… | |||
| CVE-2014-3464 | medium | — | 5.5 | 12y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo… | |||
| CVE-2014-4260 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors … | |||
| CVE-2014-4229 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect … | |||
| CVE-2014-2496 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity v… | |||
| CVE-2014-2482 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity… | |||
| CVE-2014-2456 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiali… | |||
| CVE-2014-4976 | medium | — | 5.5 | 12y ago | Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||
| CVE-2014-3317 | medium | — | 5.5 | 12y ago | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete ar… | |||
| CVE-2014-3088 | medium | — | 5.5 | 12y ago | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to… | |||
| CVE-2014-1383 | medium | — | 5.5 | 12y ago | Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. | |||
| CVE-2014-0203 | medium | 5.5 | 5.5 | 12y ago | The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause… | |||
| CVE-2014-3292 | medium | — | 5.5 | 12y ago | The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL,… | |||
| CVE-2014-3968 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an e… | |||
| CVE-2014-3967 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of servic… | |||
| CVE-2014-3835 | medium | — | 5.5 | 12y ago | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vect… | |||
| CVE-2014-1685 | medium | — | 5.5 | 12y ago | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | |||
| CVE-2014-2986 | medium | — | 5.5 | 12y ago | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denia… | |||
| CVE-2014-2915 | medium | — | 5.5 | 12y ago | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vecto… | |||
| CVE-2014-0642 | medium | — | 5.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… | |||
| CVE-2014-0155 | medium | — | 5.5 | 12y ago | The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial… | |||
| CVE-2014-0077 | medium | — | 5.5 | 12y ago | drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memor… | |||
| CVE-2014-0055 | medium | — | 5.5 | 12y ago | The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_v… |