CVEs from 2014
Total
7,867
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3122 | medium | — | 4.9 | 12y ago | The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system c… | |||
| CVE-2014-1320 | medium | — | 4.9 | 12y ago | IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR pr… | |||
| CVE-2014-2597 | medium | — | 4.9 | 12y ago | PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which tr… | |||
| CVE-2014-0150 | medium | — | 4.9 | 12y ago | Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, whic… | |||
| CVE-2014-2426 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors r… | |||
| CVE-2014-0447 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876. | |||
| CVE-2014-2384 | medium | — | 4.9 | 12y ago | vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via… | |||
| CVE-2014-1896 | medium | — | 4.9 | 12y ago | The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore … | |||
| CVE-2014-0062 | medium | — | 4.9 | 12y ago | Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow… | |||
| CVE-2014-2599 | medium | — | 4.9 | 12y ago | The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveragin… | |||
| CVE-2014-0343 | medium | — | 4.9 | 12y ago | The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modifi… | |||
| CVE-2014-2585 | medium | — | 4.9 | 12y ago | ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. | |||
| CVE-2014-0127 | medium | — | 4.9 | 12y ago | Moodle's time-validation implementation allows bypassing intended restrictions | |||
| CVE-2014-0122 | medium | — | 4.9 | 12y ago | Moodle allows bypass of intended access restrictions | |||
| CVE-2014-0123 | medium | — | 4.9 | 12y ago | Moodle does not properly restrict access | |||
| CVE-2014-0845 | medium | — | 4.9 | 12y ago | Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users… | |||
| CVE-2014-2039 | medium | — | 4.9 | 12y ago | arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (sy… | |||
| CVE-2014-1874 | medium | — | 4.9 | 12y ago | The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_… | |||
| CVE-2014-0817 | medium | — | 4.9 | 12y ago | Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. | |||
| CVE-2014-0682 | medium | — | 4.9 | 13y ago | Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL,… | |||
| CVE-2014-0651 | medium | — | 4.9 | 13y ago | The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hi… | |||
| CVE-2014-3405 | medium | — | 4.8 | 12y ago | Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, … | |||
| CVE-2014-3290 | medium | — | 4.8 | 12y ago | The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the n… | |||
| CVE-2014-3295 | medium | — | 4.8 | 12y ago | The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via… | |||
| CVE-2014-8823 | medium | — | 4.7 | 12y ago | The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leve… | |||
| CVE-2014-4498 | medium | — | 4.7 | 12y ago | The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option R… | |||
| CVE-2014-9066 | medium | — | 4.7 | 12y ago | Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog… | |||
| CVE-2014-8866 | medium | — | 4.7 | 12y ago | The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vec… | |||
| CVE-2014-3611 | medium | 4.7 | 4.7 | 12y ago | Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS cras… | |||
| CVE-2014-0476 | low | — | 4.7 | 12y ago | The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerabilit… | |||
| CVE-2014-4442 | medium | — | 4.7 | 12y ago | The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | |||
| CVE-2014-4432 | medium | — | 4.7 | 12y ago | fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attacke… | |||
| CVE-2014-4430 | medium | — | 4.7 | 12y ago | CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data… | |||
| CVE-2014-8086 | medium | 4.7 | 4.7 | 12y ago | Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a wri… | |||
| CVE-2014-6410 | medium | — | 4.7 | 12y ago | The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of se… | |||
| CVE-2014-3184 | medium | — | 4.7 | 12y ago | The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device th… | |||
| CVE-2014-4200 | medium | — | 4.7 | 12y ago | vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensiti… | |||
| CVE-2014-0762 | medium | — | 4.7 | 12y ago | The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causi… | |||
| CVE-2014-5149 | medium | — | 4.7 | 12y ago | Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by in… | |||
| CVE-2014-5146 | medium | — | 4.7 | 12y ago | Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a de… | |||
| CVE-2014-4508 | medium | — | 4.7 | 12y ago | arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of se… | |||
| CVE-2014-4171 | medium | — | 4.7 | 12y ago | mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex … | |||
| CVE-2014-0930 | medium | — | 4.7 | 12y ago | The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT… | |||
| CVE-2014-0645 | medium | — | 4.7 | 12y ago | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… | |||
| CVE-2014-2678 | medium | — | 4.7 | 12y ago | The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecifi… | |||
| CVE-2014-2673 | medium | — | 4.7 | 12y ago | The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact… | |||
| CVE-2014-1253 | medium | — | 4.7 | 13y ago | AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable … | |||
| CVE-2014-1438 | medium | — | 4.7 | 13y ago | The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMM… | |||
| CVE-2014-1928 | medium | — | 4.6 | 8y ago | The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors,… | |||
| CVE-2014-7954 | medium | 4.6 | 4.6 | 9y ago | Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target… | |||
| CVE-2014-9646 | medium | — | 4.6 | 12y ago | Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Googl… | |||
| CVE-2014-6556 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confide… | |||
| CVE-2014-6548 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B E… | |||
| CVE-2014-8398 | medium | — | 4.6 | 12y ago | Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3)… | |||
| CVE-2014-8397 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is… | |||
| CVE-2014-8396 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same … | |||
| CVE-2014-8395 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the sam… | |||
| CVE-2014-8394 | medium | — | 4.6 | 12y ago | Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2… | |||
| CVE-2014-4634 | medium | — | 4.6 | 12y ago | Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed … | |||
| CVE-2014-9091 | medium | — | 4.6 | 12y ago | Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-9273 | medium | — | 4.6 | 12y ago | lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. | |||
| CVE-2014-8106 | medium | — | 4.6 | 12y ago | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this… | |||
| CVE-2014-7254 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. | |||
| CVE-2014-7252 | medium | — | 4.6 | 12y ago | Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, … | |||
| CVE-2014-8989 | medium | — | 4.6 | 12y ago | The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by l… | |||
| CVE-2014-7817 | medium | — | 4.6 | 12y ago | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containin… | |||
| CVE-2014-5388 | medium | — | 4.6 | 12y ago | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact relate… | |||
| CVE-2014-0223 | medium | — | 4.6 | 12y ago | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, whi… | |||
| CVE-2014-8494 | medium | — | 4.6 | 12y ago | ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2014-8535 | medium | — | 4.6 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. | |||
| CVE-2014-5148 | medium | — | 4.6 | 12y ago | Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an in… | |||
| CVE-2014-7180 | medium | — | 4.6 | 12y ago | Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by… | |||
| CVE-2014-4425 | medium | — | 4.6 | 12y ago | CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtai… | |||
| CVE-2014-4280 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than… | |||
| CVE-2014-0572 | medium | — | 4.6 | 12y ago | Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions vi… | |||
| CVE-2014-2639 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | |||
| CVE-2014-2972 | medium | — | 4.6 | 12y ago | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | |||
| CVE-2014-3335 | medium | — | 4.6 | 12y ago | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of… | |||
| CVE-2014-2631 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. | |||
| CVE-2014-4910 | medium | — | 4.6 | 12y ago | Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface nam… | |||
| CVE-2014-4685 | medium | — | 4.6 | 12y ago | Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. | |||
| CVE-2014-2369 | medium | — | 4.6 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authen… | |||
| CVE-2014-2477 | low | — | 4.6 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availa… | |||
| CVE-2014-4698 | medium | — | 4.6 | 12y ago | Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impac… | |||
| CVE-2014-4670 | medium | — | 4.6 | 12y ago | Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2014-4656 | medium | — | 4.6 | 12y ago | Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX… | |||
| CVE-2014-4654 | medium | — | 4.6 | 12y ago | The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, whic… | |||
| CVE-2014-4653 | medium | — | 4.6 | 12y ago | sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-a… | |||
| CVE-2014-1350 | medium | — | 4.6 | 12y ago | Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state mana… | |||
| CVE-2014-4157 | medium | — | 4.6 | 12y ago | arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass inte… | |||
| CVE-2014-4509 | medium | — | 4.6 | 12y ago | The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirecto… | |||
| CVE-2014-3980 | medium | — | 4.6 | 12y ago | libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-0935 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. | |||
| CVE-2014-0209 | medium | — | 4.6 | 12y ago | Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a di… | |||
| CVE-2014-0684 | medium | — | 4.6 | 12y ago | Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | |||
| CVE-2014-3130 | medium | — | 4.6 | 12y ago | The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and exe… | |||
| CVE-2014-2889 | medium | — | 4.6 | 12y ago | Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system cras… | |||
| CVE-2014-0442 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. | |||
| CVE-2014-0421 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2014-0924 | medium | — | 4.6 | 12y ago | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended acces… |