Vulnerabilities (CVE)

Filtered by CWE-17
Total 165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7923 6 Canonical, Google, Icu-project and 3 more 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more 2024-11-21 7.5 HIGH N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
CVE-2014-7902 1 Google 1 Chrome 2024-11-21 7.5 HIGH N/A
Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVE-2014-7843 1 Linux 1 Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.
CVE-2014-6386 1 Juniper 1 Junos 2024-11-21 7.8 HIGH N/A
Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix.
CVE-2014-6383 1 Juniper 1 Junos 2024-11-21 5.0 MEDIUM N/A
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
CVE-2014-6092 1 Ibm 1 Curam Social Program Management 2024-11-21 5.0 MEDIUM N/A
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.
CVE-2014-5426 1 Matrikonopc 1 Dnp3 Opc Server 2024-11-21 5.0 MEDIUM N/A
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.
CVE-2014-5277 1 Docker 2 Docker, Docker-py 2024-11-21 5.0 MEDIUM N/A
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
CVE-2014-4498 1 Apple 1 Mac Os X 2024-11-21 4.7 MEDIUM N/A
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
CVE-2014-4467 1 Apple 1 Iphone Os 2024-11-21 4.3 MEDIUM N/A
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
CVE-2014-3637 2 Freedesktop, Opensuse 2 Dbus, Opensuse 2024-11-21 2.1 LOW N/A
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVE-2014-3500 1 Apache 1 Cordova 2024-11-21 6.4 MEDIUM N/A
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
CVE-2014-3248 2 Puppet, Puppetlabs 6 Facter, Hiera, Marionette Collective and 3 more 2024-11-21 6.2 MEDIUM N/A
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
CVE-2014-2683 1 Zend 10 Zend Framework, Zendopenid, Zendrest and 7 more 2024-11-21 5.0 MEDIUM N/A
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.
CVE-2013-7424 1 Gnu 1 Glibc 2024-11-21 5.1 MEDIUM N/A
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
CVE-2013-7423 4 Canonical, Gnu, Opensuse and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2024-11-21 5.0 MEDIUM N/A
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2013-6497 1 Clamav 1 Clamav 2024-11-21 2.1 LOW N/A
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
CVE-2013-6494 2 Fedoraproject, Fedup Project 2 Fedora, Fedup 2024-11-21 2.1 LOW N/A
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).
CVE-2013-3646 1 Cybozu 1 Cybozu Live 2024-11-21 6.8 MEDIUM N/A
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-2184 1 Sixapart 1 Movable Type 2024-11-21 7.5 HIGH N/A
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.