Redhat » Enterprise Linux : Security Vulnerabilities, CVEs, Published In November 2014
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
Max CVSS
5.0
EPSS Score
9.45%
Published
2014-11-03
Updated
2018-10-30
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
Max CVSS
5.5
EPSS Score
0.06%
Published
2014-11-10
Updated
2023-02-13
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Max CVSS
7.8
EPSS Score
95.52%
Published
2014-11-10
Updated
2023-02-13
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Max CVSS
5.0
EPSS Score
1.46%
Published
2014-11-04
Updated
2016-12-08
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Max CVSS
5.5
EPSS Score
0.19%
Published
2014-11-10
Updated
2023-02-13
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Max CVSS
5.5
EPSS Score
0.30%
Published
2014-11-10
Updated
2023-02-13
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
Max CVSS
4.7
EPSS Score
0.06%
Published
2014-11-10
Updated
2023-02-13
7 vulnerabilities found