CVEs from 2014
- Total: 7,871
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1638 | low | — | 3.3 | 13y ago | (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but append a suffix to the original filename and write to this new fil… | |||
| CVE-2014-0027 | low | — | 3.3 | 13y ago | The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from t… | |||
| CVE-2014-1447 | low | — | 3.3 | 13y ago | Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepaliv… | |||
| CVE-2014-1208 | low | — | 3.3 | 13y ago | VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of … | |||
| CVE-2014-0393 | low | — | 3.3 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknow… | |||
| CVE-2014-6595 | low | — | 3.2 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA… | |||
| CVE-2014-6590 | low | — | 3.2 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA… | |||
| CVE-2014-6589 | low | — | 3.2 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA… | |||
| CVE-2014-6588 | low | — | 3.2 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA… | |||
| CVE-2014-7251 | low | — | 3.2 | 12y ago | XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consu… | |||
| CVE-2014-8607 | low | — | 3.1 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command. | |||
| CVE-2014-100039 | low | — | 3.1 | 12y ago | mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read.… | |||
| CVE-2014-9418 | low | — | 3.1 | 12y ago | The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. | |||
| CVE-2014-9417 | low | — | 3.1 | 12y ago | The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||
| CVE-2014-4703 | low | — | 3.1 | 12y ago | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca… | |||
| CVE-2014-1739 | low | — | 3.1 | 12y ago | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive in… | |||
| CVE-2014-2486 | low | — | 3.0 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availa… | |||
| CVE-2014-0361 | low | — | 3.0 | 12y ago | The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dep… | |||
| CVE-2014-9415 | low | — | 2.9 | 12y ago | Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | |||
| CVE-2014-6381 | low | — | 2.9 | 12y ago | Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a… | |||
| CVE-2014-4750 | low | — | 2.9 | 12y ago | IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. | |||
| CVE-2014-0905 | low | — | 2.9 | 12y ago | IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting it… | |||
| CVE-2014-5171 | low | — | 2.9 | 12y ago | SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and othe… | |||
| CVE-2014-3970 | low | — | 2.9 | 12y ago | The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an emp… | |||
| CVE-2014-2568 | low | — | 2.9 | 12y ago | Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory… | |||
| CVE-2014-0131 | low | — | 2.9 | 12y ago | Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the … | |||
| CVE-2014-4243 | low | — | 2.8 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. | |||
| CVE-2014-2432 | low | — | 2.8 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. | |||
| CVE-2014-0430 | low | — | 2.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. | |||
| CVE-2014-0420 | low | — | 2.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors relate… | |||
| CVE-2014-0370 | low | — | 2.8 | 13y ago | Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical T… | |||
| CVE-2014-3608 | low | — | 2.7 | 12y ago | The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into t… | |||
| CVE-2014-4022 | low | — | 2.7 | 12y ago | The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which al… | |||
| CVE-2014-3493 | low | — | 2.7 | 12y ago | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon … | |||
| CVE-2014-4021 | low | — | 2.7 | 12y ago | Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-0624 | low | — | 2.7 | 12y ago | EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions vi… | |||
| CVE-2014-1948 | low | — | 2.6 | 4y ago | OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN… | |||
| CVE-2014-6591 | low | — | 2.6 | 12y ago | Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vuln… | |||
| CVE-2014-6585 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6… | |||
| CVE-2014-9478 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2014-9269 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web s… | |||
| CVE-2014-9507 | low | — | 2.6 | 12y ago | MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content… | |||
| CVE-2014-9433 | low | — | 2.6 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web scr… | |||
| CVE-2014-4440 | low | — | 2.6 | 12y ago | The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive … | |||
| CVE-2014-6558 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vector… | |||
| CVE-2014-6527 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. | |||
| CVE-2014-6502 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. | |||
| CVE-2014-2478 | low | — | 2.6 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2014-2226 | low | — | 2.6 | 12y ago | Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-3886 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: thi… | |||
| CVE-2014-4208 | low | — | 2.6 | 12y ago | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than… | |||
| CVE-2014-4721 | low | — | 2.6 | 12y ago | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_S… | |||
| CVE-2014-3737 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject a… | |||
| CVE-2014-1380 | low | — | 2.6 | 12y ago | The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechani… | |||
| CVE-2014-2000 | low | — | 2.6 | 12y ago | The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||
| CVE-2014-3966 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to i… | |||
| CVE-2014-0595 | low | — | 2.6 | 12y ago | /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permissi… | |||
| CVE-2014-1647 | low | — | 2.6 | 12y ago | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of se… | |||
| CVE-2014-1646 | low | — | 2.6 | 12y ago | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of servi… | |||
| CVE-2014-2431 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. | |||
| CVE-2014-2420 | low | — | 2.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. | |||
| CVE-2014-2333 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these… | |||
| CVE-2014-1826 | low | — | 2.6 | 12y ago | Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2014-1504 | low | — | 2.6 | 12y ago | The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduc… | |||
| CVE-2014-1690 | low | — | 2.6 | 12y ago | The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in whic… | |||
| CVE-2014-0046 | low | — | 2.6 | 13y ago | ember-source Cross-site Scripting vulnerability | |||
| CVE-2014-0381 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Te… | |||
| CVE-2014-0591 | low | — | 2.6 | 13y ago | The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a de… | |||
| CVE-2014-6278 | unknown | — | 2.5 | 8mo ago | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. | |||
| CVE-2014-0497 | unknown | — | 2.5 | 2y ago | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | |||
| CVE-2014-100005 | unknown | — | 2.5 | 2y ago | D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. | |||
| CVE-2014-8361 | unknown | — | 2.5 | 3y ago | Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | |||
| CVE-2014-0196 | unknown | — | 2.5 | 3y ago | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with l… | |||
| CVE-2014-3153 | unknown | — | 2.5 | 4y ago | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | |||
| CVE-2014-3120 | unknown | — | 2.5 | 4y ago | Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. | |||
| CVE-2014-0160 | unknown | — | 2.5 | 4y ago | The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | |||
| CVE-2014-0322 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | |||
| CVE-2014-4113 | unknown | — | 2.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2014-0780 | unknown | — | 2.5 | 4y ago | InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. | |||
| CVE-2014-6287 | unknown | — | 2.5 | 4y ago | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. | |||
| CVE-2014-6332 | unknown | — | 2.5 | 4y ago | OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site. | |||
| CVE-2014-6324 | unknown | — | 2.5 | 4y ago | The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges. | |||
| CVE-2014-4114 | unknown | — | 2.5 | 4y ago | A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. | |||
| CVE-2014-6352 | unknown | — | 2.5 | 4y ago | Microsoft Windows allows remote attackers to execute arbitrary code via a crafted OLE object. | |||
| CVE-2014-1761 | unknown | — | 2.5 | 4y ago | Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. | |||
| CVE-2014-4404 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | |||
| CVE-2014-7169 | unknown | — | 2.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vul… | |||
| CVE-2014-6271 | unknown | — | 2.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. | |||
| CVE-2014-1812 | unknown | — | 2.5 | 5y ago | Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker … | |||
| CVE-2014-2350 | low | — | 2.4 | 12y ago | Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrat… | |||
| CVE-2014-0406 | low | — | 2.4 | 13y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and avail… | |||
| CVE-2014-0404 | low | — | 2.4 | 13y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and avail… | |||
| CVE-2014-2495 | low | — | 2.3 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vecto… | |||
| CVE-2014-4027 | low | — | 2.3 | 12y ago | The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensiti… | |||
| CVE-2014-1652 | low | — | 2.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unsp… | |||
| CVE-2014-2573 | low | — | 2.3 | 12y ago | The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denia… | |||
| CVE-2014-0056 | low | — | 2.1 | 4y ago | The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants … | |||
| CVE-2014-8991 | low | — | 2.1 | 4y ago | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. | |||
| CVE-2014-9731 | low | — | 2.1 | 11y ago | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local … | |||
| CVE-2014-9740 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary … |