CVE-2014-3537
- EPSS 0.38%
- Veröffentlicht 23.07.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
CVE-2014-4167
- EPSS 1.66%
- Veröffentlicht 11.07.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
CVE-2014-4699
- EPSS 2.32%
- Veröffentlicht 09.07.2014 11:07:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain p...
- EPSS 3.92%
- Veröffentlicht 03.07.2014 17:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
- EPSS 5.93%
- Veröffentlicht 03.07.2014 04:22:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
CVE-2014-4608
- EPSS 5.42%
- Veröffentlicht 03.07.2014 04:22:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a cra...
CVE-2014-4652
- EPSS 0.34%
- Veröffentlicht 03.07.2014 04:22:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory b...
CVE-2014-4653
- EPSS 0.5%
- Veröffentlicht 03.07.2014 04:22:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from ke...
CVE-2014-4654
- EPSS 0.5%
- Veröffentlicht 03.07.2014 04:22:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and ...
CVE-2014-4655
- EPSS 0.49%
- Veröffentlicht 03.07.2014 04:22:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow an...