CVE-2014-3647
- EPSS 0.59%
- Veröffentlicht 10.11.2014 11:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3673
- EPSS 7.46%
- Veröffentlicht 10.11.2014 11:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
- EPSS 3.99%
- Veröffentlicht 04.11.2014 16:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing...
- EPSS 5.54%
- Veröffentlicht 03.11.2014 16:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2014-3566
- EPSS 100%
- Veröffentlicht 15.10.2014 00:55:02
- Zuletzt bearbeitet 28.05.2026 18:16:23
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
- EPSS 99.94%
- Veröffentlicht 25.09.2014 01:55:04
- Zuletzt bearbeitet 22.04.2026 14:32:42
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro...
- EPSS 100%
- Veröffentlicht 24.09.2014 18:48:04
- Zuletzt bearbeitet 22.04.2026 16:07:22
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman...
- EPSS 2.2%
- Veröffentlicht 21.08.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-3560
- EPSS 56.38%
- Veröffentlicht 06.08.2014 18:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the u...
CVE-2014-0179
- EPSS 0.56%
- Veröffentlicht 03.08.2014 18:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompa...