Redhat » Enterprise Linux : Security Vulnerabilities, CVEs, Published In 2014 (Memory corruption)
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Max CVSS
6.8
EPSS Score
15.61%
Published
2014-12-24
Updated
2018-01-05
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
Max CVSS
4.0
EPSS Score
0.04%
Published
2014-06-05
Updated
2021-07-15
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Max CVSS
4.3
EPSS Score
96.99%
Published
2014-06-05
Updated
2022-09-16
CVE-2014-0196
Known exploited
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Max CVSS
6.9
EPSS Score
1.91%
Published
2014-05-07
Updated
2024-02-09
CISA KEV Added
2023-05-12
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
Max CVSS
5.0
EPSS Score
1.07%
Published
2014-02-10
Updated
2019-04-22
5 vulnerabilities found