CVE-2014-7155
- EPSS 0.97%
- Veröffentlicht 02.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges ...
CVE-2014-6051
- EPSS 8.27%
- Veröffentlicht 30.09.2014 16:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which...
CVE-2014-6055
- EPSS 7.83%
- Veröffentlicht 30.09.2014 16:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) d...
CVE-2014-2524
- EPSS 0.43%
- Veröffentlicht 20.08.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-4909
- EPSS 5.41%
- Veröffentlicht 29.07.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bo...
CVE-2014-0103
- EPSS 0.38%
- Veröffentlicht 29.07.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
CVE-2014-3537
- EPSS 0.38%
- Veröffentlicht 23.07.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
- EPSS 7.14%
- Veröffentlicht 20.07.2014 11:12:50
- Zuletzt bearbeitet 06.05.2026 22:30:45
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
CVE-2014-3499
- EPSS 0.39%
- Veröffentlicht 11.07.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
- EPSS 3.92%
- Veröffentlicht 03.07.2014 17:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.