CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2014-3647 264 DoS 2014-11-10 2016-10-14
2.1
None Local Low Not required None None Partial
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
1802 CVE-2014-3646 264 DoS 2014-11-10 2015-03-25
2.1
None Local Low Not required None None Partial
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
1803 CVE-2014-3645 20 DoS 2014-11-10 2015-03-17
2.1
None Local Low Not required None None Partial
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
1804 CVE-2014-3640 476 DoS 2014-11-07 2017-11-03
2.1
None Local Low Not required None None Partial
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
1805 CVE-2014-3639 399 DoS 2014-09-22 2018-10-30
2.1
None Local Low Not required None None Partial
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
1806 CVE-2014-3638 399 DoS 2014-09-22 2018-10-30
2.1
None Local Low Not required None None Partial
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
1807 CVE-2014-3637 17 DoS 2014-09-22 2018-10-30
2.1
None Local Low Not required None None Partial
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
1808 CVE-2014-3615 200 +Info 2014-11-01 2017-11-03
2.1
None Local Low Not required Partial None None
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
1809 CVE-2014-3608 399 DoS Bypass 2014-10-06 2018-11-16
2.7
None Local Network Low Single system None None Partial
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
1810 CVE-2014-3602 264 +Info 2014-11-13 2015-11-20
2.1
None Local Low Not required Partial None None
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
1811 CVE-2014-3586 264 +Info 2015-04-21 2015-10-13
2.1
None Local Low Not required Partial None None
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
1812 CVE-2014-3561 200 +Info 2014-12-05 2017-08-28
2.1
None Local Low Not required Partial None None
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
1813 CVE-2014-3533 20 DoS 2014-07-19 2018-10-30
2.1
None Local Low Not required None None Partial
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
1814 CVE-2014-3532 20 DoS 2014-07-19 2018-10-30
2.1
None Local Low Not required None None Partial
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
1815 CVE-2014-3493 119 DoS Overflow Mem. Corr. 2014-06-23 2018-10-09
2.7
None Local Network Low Single system None None Partial
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
1816 CVE-2014-3477 DoS 2014-07-01 2015-04-14
2.1
None Local Low Not required None None Partial
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
1817 CVE-2014-3471 416 DoS 2018-01-12 2018-01-31
2.1
None Local Low Not required None None Partial
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.
1818 CVE-2014-3426 DoS 2014-05-08 2014-05-08
2.1
None Local Low Not required None None Partial
NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.
1819 CVE-2014-3425 DoS 2014-05-08 2014-05-08
2.1
None Local Low Not required None None Partial
NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.
1820 CVE-2014-3209 264 2014-11-15 2014-11-17
2.1
None Local Low Not required Partial None None
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
1821 CVE-2014-3123 79 XSS 2014-05-08 2014-05-09
2.1
None Remote High Single system None Partial None
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.
1822 CVE-2014-3099 +Info 2014-12-06 2017-08-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.
1823 CVE-2014-3093 310 +Info 2014-08-29 2017-08-28
2.1
None Local Low Not required Partial None None
IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file.
1824 CVE-2014-3079 264 Bypass 2014-09-10 2017-08-28
2.1
None Remote High Single system Partial None None
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.
1825 CVE-2014-3077 200 +Info 2014-09-15 2017-08-28
2.1
None Local Low Not required Partial None None
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
1826 CVE-2014-3045 200 +Info 2014-07-19 2014-08-04
2.1
None Local Low Not required Partial None None
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.
1827 CVE-2014-2884 284 Bypass +Info 2018-03-19 2018-04-20
2.1
None Local Low Not required Partial None None
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.
1828 CVE-2014-2690 264 2014-04-15 2014-04-16
2.1
None Local Low Not required Partial None None
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
1829 CVE-2014-2608 +Priv +Info 2014-12-10 2014-12-12
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
1830 CVE-2014-2573 264 DoS Bypass 2014-03-25 2014-03-26
2.3
None Local Network Medium Single system None None Partial
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
1831 CVE-2014-2568 416 +Info 2014-03-24 2019-05-10
2.9
None Local Network Medium Not required Partial None None
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
1832 CVE-2014-2495 2014-07-17 2018-10-09
2.3
None Local Network Medium Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing.
1833 CVE-2014-2478 2014-10-15 2014-10-16
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
1834 CVE-2014-2466 2014-04-15 2014-04-16
2.1
None Remote High Single system Partial None None
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
1835 CVE-2014-2432 2014-04-15 2017-12-20
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
1836 CVE-2014-2431 2014-04-15 2017-12-20
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
1837 CVE-2014-2420 2014-04-15 2018-01-04
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
1838 CVE-2014-2381 +Info 2014-08-27 2014-08-28
2.1
None Local Low Not required Partial None None
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
1839 CVE-2014-2343 20 DoS 2014-05-30 2014-06-04
2.1
None Local Low Not required None None Partial
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.
1840 CVE-2014-2333 79 XSS 2014-04-11 2017-08-28
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
1841 CVE-2014-2226 255 +Info 2014-07-29 2016-10-14
2.6
None Remote High Not required Partial None None
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
1842 CVE-2014-2079 264 Bypass 2018-07-16 2018-09-15
2.1
None Local Low Not required Partial None None
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
1843 CVE-2014-2040 79 XSS 2014-03-03 2018-10-09
2.1
None Remote High Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
1844 CVE-2014-2000 200 +Info 2014-06-18 2014-06-19
2.6
None Remote High Not required Partial None None
The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.
1845 CVE-2014-1948 255 +Info 2014-02-14 2014-03-08
2.6
None Local High Not required Partial Partial None
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
1846 CVE-2014-1933 264 2014-04-17 2017-06-30
2.1
None Local Low Not required None Partial None
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
1847 CVE-2014-1859 59 2018-01-08 2019-04-22
2.1
None Local Low Not required None Partial None
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
1848 CVE-2014-1858 20 2018-01-08 2018-01-30
2.1
None Local Low Not required None Partial None
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
1849 CVE-2014-1835 255 2018-02-02 2018-02-14
2.1
None Local Low Not required Partial None None
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
1850 CVE-2014-1832 2015-02-19 2015-02-20
2.1
None Local Low Not required None Partial None
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
Total number of vulnerabilities : 4508   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 (This Page)38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.