- EPSS 9.69%
- Veröffentlicht 02.12.2014 16:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buf...
- EPSS 7.09%
- Veröffentlicht 02.12.2014 16:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
CVE-2014-9087
- EPSS 5.17%
- Veröffentlicht 01.12.2014 15:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer...
CVE-2014-8867
- EPSS 0.47%
- Veröffentlicht 01.12.2014 15:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) v...
CVE-2014-8866
- EPSS 0.43%
- Veröffentlicht 01.12.2014 15:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of register...
CVE-2014-9089
- EPSS 2.42%
- Veröffentlicht 28.11.2014 15:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
CVE-2014-9093
- EPSS 4.14%
- Veröffentlicht 26.11.2014 15:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-9039
- EPSS 2.38%
- Veröffentlicht 25.11.2014 23:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
CVE-2014-9037
- EPSS 2.57%
- Veröffentlicht 25.11.2014 23:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
CVE-2014-9036
- EPSS 2.34%
- Veröffentlicht 25.11.2014 23:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence ...