CVE-2014-5177
- EPSS 0.53%
- Veröffentlicht 03.08.2014 18:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the ...
CVE-2014-2483
- EPSS 5.23%
- Veröffentlicht 17.07.2014 05:10:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CV...
CVE-2014-4027
- EPSS 0.65%
- Veröffentlicht 23.06.2014 11:21:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveragin...
- EPSS 2.44%
- Veröffentlicht 14.06.2014 11:18:54
- Zuletzt bearbeitet 06.05.2026 22:30:45
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
CVE-2014-0249
- EPSS 0.34%
- Veröffentlicht 11.06.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
CVE-2014-0224
- EPSS 95.33%
- Veröffentlicht 05.06.2014 21:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...
CVE-2014-3470
- EPSS 85.78%
- Veröffentlicht 05.06.2014 21:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen...
CVE-2014-0221
- EPSS 87.89%
- Veröffentlicht 05.06.2014 21:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS...
CVE-2014-3917
- EPSS 0.36%
- Veröffentlicht 05.06.2014 17:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a lar...
- EPSS 0.27%
- Veröffentlicht 05.06.2014 17:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering...