CVE-2014-3564
- EPSS 4.29%
- Veröffentlicht 20.10.2014 17:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors rela...
CVE-2014-3704
- EPSS 99.97%
- Veröffentlicht 16.10.2014 00:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2014-3686
- EPSS 4.95%
- Veröffentlicht 16.10.2014 00:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
- EPSS 2.2%
- Veröffentlicht 15.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
CVE-2014-3566
- EPSS 100%
- Veröffentlicht 15.10.2014 00:55:02
- Zuletzt bearbeitet 28.05.2026 18:16:23
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-5270
- EPSS 0.53%
- Veröffentlicht 10.10.2014 01:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the...
- EPSS 4.28%
- Veröffentlicht 07.10.2014 14:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
CVE-2014-6054
- EPSS 5.54%
- Veröffentlicht 06.10.2014 14:55:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) Palm...
CVE-2014-7154
- EPSS 0.74%
- Veröffentlicht 02.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
CVE-2014-7155
- EPSS 0.97%
- Veröffentlicht 02.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges ...