CVE-2014-9093
- EPSS 4.14%
- Veröffentlicht 26.11.2014 15:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2010-5312
- EPSS 18.35%
- Veröffentlicht 24.11.2014 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
- EPSS 3.94%
- Veröffentlicht 24.11.2014 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
- EPSS 3.85%
- Veröffentlicht 31.10.2014 14:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
CVE-2014-3566
- EPSS 100%
- Veröffentlicht 15.10.2014 00:55:02
- Zuletzt bearbeitet 28.05.2026 18:16:23
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-1573
- EPSS 2.33%
- Veröffentlicht 13.10.2014 01:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-sit...
- EPSS 1.84%
- Veröffentlicht 13.10.2014 01:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for th...
- EPSS 1.35%
- Veröffentlicht 13.10.2014 01:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, ...
CVE-2014-6394
- EPSS 4.26%
- Veröffentlicht 08.10.2014 17:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "publ...
CVE-2014-7154
- EPSS 0.74%
- Veröffentlicht 02.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.