CVEs from 2014
Total: 7,867
- critical 837
- high 1,288
- medium 4,980
- low 583

- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1963 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2014-1962 | medium | — | 5.0 | 13y ago | Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2014-1961 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | |||
| CVE-2014-1960 | medium | — | 5.0 | 13y ago | The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-1467 | medium | — | 5.0 | 13y ago | BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server… | |||
| CVE-2014-0725 | medium | — | 5.0 | 13y ago | Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file stora… | |||
| CVE-2014-0722 | medium | — | 5.0 | 13y ago | The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradat… | |||
| CVE-2014-0253 | medium | — | 5.0 | 13y ago | Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon … | |||
| CVE-2014-1916 | medium | — | 5.0 | 13y ago | The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through … | |||
| CVE-2014-0044 | medium | — | 5.0 | 13y ago | The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix v… | |||
| CVE-2014-1699 | medium | — | 5.0 | 13y ago | Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | |||
| CVE-2014-1698 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | |||
| CVE-2014-1696 | medium | — | 5.0 | 13y ago | Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2014-1663 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unkno… | |||
| CVE-2014-0020 | medium | — | 5.0 | 13y ago | The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | |||
| CVE-2014-1484 | medium | — | 5.0 | 13y ago | Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. | |||
| CVE-2014-1483 | medium | — | 5.0 | 13y ago | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain t… | |||
| CVE-2014-1439 | medium | — | 5.0 | 13y ago | The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml hand… | |||
| CVE-2014-1833 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||
| CVE-2014-0022 | medium | — | 5.0 | 13y ago | The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP pack… | |||
| CVE-2014-1673 | medium | — | 5.0 | 13y ago | Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. | |||
| CVE-2014-1626 | medium | — | 5.0 | 13y ago | XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read … | |||
| CVE-2014-0677 | medium | — | 5.0 | 13y ago | The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed H… | |||
| CVE-2014-0669 | medium | — | 5.0 | 13y ago | The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions v… | |||
| CVE-2014-0443 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security. | |||
| CVE-2014-0441 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to … | |||
| CVE-2014-0416 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous i… | |||
| CVE-2014-0398 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unk… | |||
| CVE-2014-0396 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2014-0395 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2014-0394 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2014-0391 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown… | |||
| CVE-2014-0376 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous i… | |||
| CVE-2014-0369 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a … | |||
| CVE-2014-0368 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the … | |||
| CVE-2014-5253 | medium | — | 4.9 | 4y ago | OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access … | |||
| CVE-2014-6031 | medium | 4.9 | 4.9 | 9y ago | Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterp… | |||
| CVE-2014-9228 | medium | — | 4.9 | 11y ago | sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlo… | |||
| CVE-2014-9730 | medium | — | 4.9 | 11y ago | The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via… | |||
| CVE-2014-9729 | medium | — | 4.9 | 11y ago | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (syste… | |||
| CVE-2014-9728 | medium | — | 4.9 | 11y ago | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a … | |||
| CVE-2014-9715 | medium | — | 4.9 | 11y ago | include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to… | |||
| CVE-2014-9718 | medium | — | 4.9 | 11y ago | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS… | |||
| CVE-2014-8172 | medium | — | 4.9 | 11y ago | The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of servi… | |||
| CVE-2014-8013 | medium | — | 4.9 | 12y ago | The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | |||
| CVE-2014-8832 | medium | — | 4.9 | 12y ago | The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this dr… | |||
| CVE-2014-8894 | medium | — | 4.9 | 12y ago | Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and … | |||
| CVE-2014-6600 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397. | |||
| CVE-2014-6570 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. | |||
| CVE-2014-6509 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2014-6268 | medium | — | 4.9 | 12y ago | The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when… | |||
| CVE-2014-9420 | medium | — | 4.9 | 12y ago | The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service… | |||
| CVE-2014-6193 | medium | — | 4.9 | 12y ago | IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. | |||
| CVE-2014-8608 | medium | — | 4.9 | 12y ago | The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer derefer… | |||
| CVE-2014-8867 | medium | — | 4.9 | 12y ago | The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM… | |||
| CVE-2014-9090 | medium | — | 4.9 | 12y ago | The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local … | |||
| CVE-2014-7843 | medium | — | 4.9 | 12y ago | The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte bey… | |||
| CVE-2014-7842 | medium | — | 4.9 | 12y ago | Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction … | |||
| CVE-2014-8481 | medium | — | 4.9 | 12y ago | The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial… | |||
| CVE-2014-8480 | medium | — | 4.9 | 12y ago | The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest… | |||
| CVE-2014-7207 | medium | — | 4.9 | 12y ago | A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause … | |||
| CVE-2014-8580 | medium | — | 4.9 | 12y ago | Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified… | |||
| CVE-2014-7877 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||
| CVE-2014-7298 | medium | — | 4.9 | 12y ago | adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging i… | |||
| CVE-2014-4434 | medium | — | 4.9 | 12y ago | The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. | |||
| CVE-2014-6557 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality a… | |||
| CVE-2014-6497 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2014-6461 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors relate… | |||
| CVE-2014-6460 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2014-4275 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. | |||
| CVE-2014-7283 | medium | — | 4.9 | 12y ago | The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a … | |||
| CVE-2014-5411 | medium | — | 4.9 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script … | |||
| CVE-2014-4786 | medium | — | 4.9 | 12y ago | IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remo… | |||
| CVE-2014-6029 | medium | — | 4.9 | 12y ago | TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | |||
| CVE-2014-5339 | medium | — | 4.9 | 12y ago | Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. | |||
| CVE-2014-3084 | medium | — | 4.9 | 12y ago | IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Ma… | |||
| CVE-2014-0888 | medium | — | 4.9 | 12y ago | IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vecto… | |||
| CVE-2014-4790 | medium | — | 4.9 | 12y ago | IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x befor… | |||
| CVE-2014-5252 | medium | — | 4.9 | 12y ago | The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok… | |||
| CVE-2014-5251 | medium | — | 4.9 | 12y ago | The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to… | |||
| CVE-2014-3089 | medium | — | 4.9 | 12y ago | The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includ… | |||
| CVE-2014-3472 | medium | — | 4.9 | 12y ago | The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, … | |||
| CVE-2014-1469 | medium | — | 4.9 | 12y ago | BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive informati… | |||
| CVE-2014-4064 | medium | — | 4.9 | 12y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not … | |||
| CVE-2014-3553 | medium | — | 4.9 | 12y ago | Moodle does not enforce the moodle/site:accessallgroups capability requirement | |||
| CVE-2014-4683 | medium | — | 4.9 | 12y ago | The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||
| CVE-2014-5020 | medium | — | 4.9 | 12y ago | The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read … | |||
| CVE-2014-4224 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. | |||
| CVE-2014-4215 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-201… | |||
| CVE-2014-3953 | medium | — | 4.9 | 12y ago | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel m… | |||
| CVE-2014-3952 | medium | — | 4.9 | 12y ago | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain… | |||
| CVE-2014-4013 | medium | — | 4.9 | 12y ago | SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated user… | |||
| CVE-2014-4700 | medium | — | 4.9 | 12y ago | Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspe… | |||
| CVE-2014-0184 | medium | — | 4.9 | 12y ago | Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | |||
| CVE-2014-4655 | medium | — | 4.9 | 12y ago | The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local user… | |||
| CVE-2014-1372 | medium | — | 4.9 | 12y ago | Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from k… | |||
| CVE-2014-1355 | medium | — | 4.9 | 12y ago | The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL point… | |||
| CVE-2014-3880 | medium | — | 4.9 | 12y ago | The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a proces… | |||
| CVE-2014-3145 | medium | — | 4.9 | 12y ago | The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows … | |||
| CVE-2014-3144 | medium | — | 4.9 | 12y ago | The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain l… |