Vendor CVEs
Canonical
All CVEs
2,026 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6414 | 0.00 | — | 0.02 | Oct 2, 2014 | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||
| CVE-2014-3621 | 0.00 | — | 0.02 | Oct 2, 2014 | The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. | |||
| CVE-2014-7145 | 0.00 | — | 0.04 | Sep 28, 2014 | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS… | |||
| CVE-2014-6418 | 0.00 | — | 0.05 | Sep 28, 2014 | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph… | |||
| CVE-2014-6416 | 0.00 | — | 0.06 | Sep 28, 2014 | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | |||
| CVE-2014-3186 | 0.00 | — | 0.01 | Sep 28, 2014 | Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or… | |||
| CVE-2014-0484 | 0.00 | — | 0.00 | Sep 22, 2014 | The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment." | |||
| CVE-2014-3601 | 0.00 | — | 0.01 | Sep 1, 2014 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have… | |||
| CVE-2014-5356 | 0.00 | — | 0.02 | Aug 25, 2014 | OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service… | |||
| CVE-2014-5253 | 0.00 | — | 0.01 | Aug 25, 2014 | OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | |||
| CVE-2014-5252 | 0.00 | — | 0.02 | Aug 25, 2014 | The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request… | |||
| CVE-2014-5251 | 0.00 | — | 0.02 | Aug 25, 2014 | The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an… | |||
| CVE-2014-5033 | 0.00 | — | 0.00 | Aug 19, 2014 | KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2)… | |||
| CVE-2014-4615 | 0.00 | — | 0.03 | Aug 19, 2014 | The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the… | |||
| CVE-2014-3522 | 0.00 | — | 0.06 | Aug 19, 2014 | The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted… | |||
| CVE-2014-3504 | 0.00 | — | 0.03 | Aug 19, 2014 | The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows… | |||
| CVE-2014-5207 | 0.00 | — | 0.01 | Aug 18, 2014 | fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems… | |||
| CVE-2014-5206 | 0.00 | — | 0.00 | Aug 18, 2014 | The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a… | |||
| CVE-2014-0479 | 0.00 | — | 0.03 | Aug 6, 2014 | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||
| CVE-2014-5077 | 0.00 | — | 0.06 | Aug 1, 2014 | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints… | |||
| CVE-2014-5031 | 0.00 | — | 0.03 | Jul 29, 2014 | The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | |||
| CVE-2014-5030 | 0.00 | — | 0.00 | Jul 29, 2014 | CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | |||
| CVE-2014-5029 | 0.00 | — | 0.00 | Jul 29, 2014 | The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | |||
| CVE-2014-4909 | 0.00 | — | 0.05 | Jul 29, 2014 | Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | |||
| CVE-2014-1419 | 0.00 | — | 0.00 | Jul 24, 2014 | Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-3537 | 0.00 | — | 0.00 | Jul 23, 2014 | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||
| CVE-2014-4167 | 0.00 | — | 0.02 | Jul 11, 2014 | The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | |||
| CVE-2014-4699 | 0.00 | — | 0.02 | Jul 9, 2014 | The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial… | |||
| CVE-2014-0247 | 0.00 | — | 0.04 | Jul 3, 2014 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | |||
| CVE-2014-4667 | 0.00 | — | 0.06 | Jul 3, 2014 | The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. | |||
| CVE-2014-4656 | 0.00 | — | 0.01 | Jul 3, 2014 | Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid… | |||
| CVE-2014-4655 | 0.00 | — | 0.00 | Jul 3, 2014 | The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging… | |||
| CVE-2014-4654 | 0.00 | — | 0.01 | Jul 3, 2014 | The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service… | |||
| CVE-2014-4653 | 0.00 | — | 0.01 | Jul 3, 2014 | sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging… | |||
| CVE-2014-4652 | 0.00 | — | 0.00 | Jul 3, 2014 | Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging… | |||
| CVE-2014-4508 | 0.00 | — | 0.00 | Jun 23, 2014 | arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by… | |||
| CVE-2014-4171 | 0.00 | — | 0.00 | Jun 23, 2014 | mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by… | |||
| CVE-2014-4027 | 0.00 | — | 0.01 | Jun 23, 2014 | The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. | |||
| CVE-2014-1739 | 0.00 | — | 0.01 | Jun 23, 2014 | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a… | |||
| CVE-2013-1068 | 0.00 | — | 0.01 | Jun 19, 2014 | The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and… | |||
| CVE-2013-6433 | 0.00 | — | 0.03 | Jun 2, 2014 | The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | |||
| CVE-2014-3925 | 0.00 | — | 0.02 | Jun 1, 2014 | sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to… | |||
| CVE-2012-6648 | 0.00 | — | 0.00 | May 22, 2014 | gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due… | |||
| CVE-2012-1166 | 0.00 | — | 0.05 | May 21, 2014 | The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | |||
| CVE-2014-3730 | 0.00 | — | 0.03 | May 16, 2014 | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by… | |||
| CVE-2014-1418 | 0.00 | — | 0.03 | May 16, 2014 | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from… | |||
| CVE-2014-0211 | 0.00 | — | 0.04 | May 15, 2014 | Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer… | |||
| CVE-2014-0210 | 0.00 | — | 0.04 | May 15, 2014 | Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5)… | |||
| CVE-2014-0209 | 0.00 | — | 0.00 | May 15, 2014 | Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which… | |||
| CVE-2011-4407 | 0.00 | — | 0.01 | May 14, 2014 | ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. |
- CVE-2014-6414Oct 2, 2014risk 0.00cvss —epss 0.02
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
- CVE-2014-3621Oct 2, 2014risk 0.00cvss —epss 0.02
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
- CVE-2014-7145Sep 28, 2014risk 0.00cvss —epss 0.04
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS…
- CVE-2014-6418Sep 28, 2014risk 0.00cvss —epss 0.05
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph…
- CVE-2014-6416Sep 28, 2014risk 0.00cvss —epss 0.06
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.
- CVE-2014-3186Sep 28, 2014risk 0.00cvss —epss 0.01
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or…
- CVE-2014-0484Sep 22, 2014risk 0.00cvss —epss 0.00
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."
- CVE-2014-3601Sep 1, 2014risk 0.00cvss —epss 0.01
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have…
- CVE-2014-5356Aug 25, 2014risk 0.00cvss —epss 0.02
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service…
- CVE-2014-5253Aug 25, 2014risk 0.00cvss —epss 0.01
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
- CVE-2014-5252Aug 25, 2014risk 0.00cvss —epss 0.02
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request…
- CVE-2014-5251Aug 25, 2014risk 0.00cvss —epss 0.02
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an…
- CVE-2014-5033Aug 19, 2014risk 0.00cvss —epss 0.00
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2)…
- CVE-2014-4615Aug 19, 2014risk 0.00cvss —epss 0.03
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the…
- CVE-2014-3522Aug 19, 2014risk 0.00cvss —epss 0.06
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted…
- CVE-2014-3504Aug 19, 2014risk 0.00cvss —epss 0.03
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows…
- CVE-2014-5207Aug 18, 2014risk 0.00cvss —epss 0.01
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems…
- CVE-2014-5206Aug 18, 2014risk 0.00cvss —epss 0.00
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a…
- CVE-2014-0479Aug 6, 2014risk 0.00cvss —epss 0.03
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
- CVE-2014-5077Aug 1, 2014risk 0.00cvss —epss 0.06
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints…
- CVE-2014-5031Jul 29, 2014risk 0.00cvss —epss 0.03
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
- CVE-2014-5030Jul 29, 2014risk 0.00cvss —epss 0.00
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
- CVE-2014-5029Jul 29, 2014risk 0.00cvss —epss 0.00
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
- CVE-2014-4909Jul 29, 2014risk 0.00cvss —epss 0.05
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
- CVE-2014-1419Jul 24, 2014risk 0.00cvss —epss 0.00
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.
- CVE-2014-3537Jul 23, 2014risk 0.00cvss —epss 0.00
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
- CVE-2014-4167Jul 11, 2014risk 0.00cvss —epss 0.02
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
- CVE-2014-4699Jul 9, 2014risk 0.00cvss —epss 0.02
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial…
- CVE-2014-0247Jul 3, 2014risk 0.00cvss —epss 0.04
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
- CVE-2014-4667Jul 3, 2014risk 0.00cvss —epss 0.06
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
- CVE-2014-4656Jul 3, 2014risk 0.00cvss —epss 0.01
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid…
- CVE-2014-4655Jul 3, 2014risk 0.00cvss —epss 0.00
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging…
- CVE-2014-4654Jul 3, 2014risk 0.00cvss —epss 0.01
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service…
- CVE-2014-4653Jul 3, 2014risk 0.00cvss —epss 0.01
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging…
- CVE-2014-4652Jul 3, 2014risk 0.00cvss —epss 0.00
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging…
- CVE-2014-4508Jun 23, 2014risk 0.00cvss —epss 0.00
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by…
- CVE-2014-4171Jun 23, 2014risk 0.00cvss —epss 0.00
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by…
- CVE-2014-4027Jun 23, 2014risk 0.00cvss —epss 0.01
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
- CVE-2014-1739Jun 23, 2014risk 0.00cvss —epss 0.01
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a…
- CVE-2013-1068Jun 19, 2014risk 0.00cvss —epss 0.01
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and…
- CVE-2013-6433Jun 2, 2014risk 0.00cvss —epss 0.03
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
- CVE-2014-3925Jun 1, 2014risk 0.00cvss —epss 0.02
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to…
- CVE-2012-6648May 22, 2014risk 0.00cvss —epss 0.00
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due…
- CVE-2012-1166May 21, 2014risk 0.00cvss —epss 0.05
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
- CVE-2014-3730May 16, 2014risk 0.00cvss —epss 0.03
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by…
- CVE-2014-1418May 16, 2014risk 0.00cvss —epss 0.03
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from…
- CVE-2014-0211May 15, 2014risk 0.00cvss —epss 0.04
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer…
- CVE-2014-0210May 15, 2014risk 0.00cvss —epss 0.04
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5)…
- CVE-2014-0209May 15, 2014risk 0.00cvss —epss 0.00
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which…
- CVE-2011-4407May 14, 2014risk 0.00cvss —epss 0.01
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
Page 30 of 41