| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2014-9426 |
17 |
|
DoS Mem. Corr. |
2014-12-30 |
2015-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. |
|
2 |
CVE-2014-9425 |
|
|
DoS |
2014-12-30 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
3 |
CVE-2014-9424 |
|
|
DoS |
2014-12-28 |
2014-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. |
|
4 |
CVE-2014-9420 |
399 |
|
DoS |
2014-12-25 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. |
|
5 |
CVE-2014-9418 |
119 |
|
DoS Overflow |
2014-12-24 |
2014-12-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. |
|
6 |
CVE-2014-9417 |
20 |
|
DoS |
2014-12-24 |
2014-12-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. |
|
7 |
CVE-2014-9415 |
20 |
|
DoS |
2014-12-24 |
2014-12-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. |
|
8 |
CVE-2014-9403 |
|
|
DoS |
2014-12-19 |
2015-09-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. |
|
9 |
CVE-2014-9381 |
189 |
|
DoS |
2014-12-19 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation. |
|
10 |
CVE-2014-9380 |
119 |
|
DoS Overflow |
2014-12-19 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. |
|
11 |
CVE-2014-9379 |
119 |
|
DoS Exec Code Overflow |
2014-12-19 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow. |
|
12 |
CVE-2014-9378 |
20 |
|
DoS Exec Code |
2014-12-19 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c. |
|
13 |
CVE-2014-9377 |
119 |
|
DoS Exec Code Overflow |
2014-12-19 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet. |
|
14 |
CVE-2014-9376 |
|
|
DoS Exec Code |
2014-12-19 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c. |
|
15 |
CVE-2014-9374 |
|
|
DoS |
2014-12-12 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. |
|
16 |
CVE-2014-9351 |
20 |
|
DoS |
2014-12-09 |
2014-12-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors. |
|
17 |
CVE-2014-9350 |
19 |
1
|
DoS |
2014-12-08 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. |
|
18 |
CVE-2014-9323 |
|
|
DoS |
2014-12-16 |
2017-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. |
|
19 |
CVE-2014-9319 |
119 |
|
DoS Overflow |
2014-12-09 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file. |
|
20 |
CVE-2014-9318 |
119 |
|
DoS Overflow |
2014-12-09 |
2016-12-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size. |
|
21 |
CVE-2014-9317 |
119 |
|
DoS Overflow |
2014-12-09 |
2018-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file. |
|
22 |
CVE-2014-9316 |
119 |
|
DoS Overflow |
2014-12-09 |
2016-12-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file. |
|
23 |
CVE-2014-9275 |
119 |
|
DoS Exec Code Overflow |
2014-12-09 |
2016-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. |
|
24 |
CVE-2014-9274 |
119 |
|
DoS Exec Code Overflow |
2014-12-09 |
2016-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". |
|
25 |
CVE-2014-9223 |
119 |
|
DoS Exec Code Overflow |
2014-12-24 |
2016-09-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. |
|
26 |
CVE-2014-9218 |
399 |
|
DoS |
2014-12-08 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. |
|
27 |
CVE-2014-9192 |
189 |
|
DoS Overflow |
2014-12-11 |
2016-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. |
|
28 |
CVE-2014-9166 |
|
|
DoS |
2014-12-10 |
2014-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors. |
|
29 |
CVE-2014-9164 |
94 |
|
DoS Exec Code Mem. Corr. |
2014-12-10 |
2018-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. |
|
30 |
CVE-2014-9158 |
94 |
|
DoS Exec Code Mem. Corr. |
2014-12-10 |
2014-12-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461. |
|
31 |
CVE-2014-9140 |
119 |
|
DoS Overflow |
2014-12-05 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. |
|
32 |
CVE-2014-9130 |
20 |
|
DoS |
2014-12-08 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. |
|
33 |
CVE-2014-9116 |
119 |
|
DoS Overflow |
2014-12-02 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. |
|
34 |
CVE-2014-9112 |
119 |
|
DoS Overflow |
2014-12-02 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. |
|
35 |
CVE-2014-9093 |
20 |
|
DoS Exec Code |
2014-11-26 |
2016-12-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. |
|
36 |
CVE-2014-9090 |
17 |
|
DoS |
2014-11-29 |
2015-06-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. |
|
37 |
CVE-2014-9087 |
189 |
|
DoS Overflow |
2014-12-01 |
2016-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. |
|
38 |
CVE-2014-9066 |
17 |
|
DoS |
2014-12-09 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. |
|
39 |
CVE-2014-9065 |
17 |
|
DoS |
2014-12-09 |
2018-10-30 |
4.4 |
None |
Local |
Medium |
Single system |
None |
None |
Complete |
|
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. |
|
40 |
CVE-2014-9050 |
119 |
|
DoS Overflow |
2014-12-01 |
2015-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. |
|
41 |
CVE-2014-9034 |
19 |
|
DoS |
2014-11-25 |
2016-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. |
|
42 |
CVE-2014-9030 |
20 |
|
DoS |
2014-11-24 |
2018-10-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. |
|
43 |
CVE-2014-9016 |
20 |
|
DoS |
2014-11-24 |
2014-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. |
|
44 |
CVE-2014-8991 |
264 |
|
DoS |
2014-11-24 |
2016-11-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. |
|
45 |
CVE-2014-8966 |
20 |
|
DoS Exec Code Mem. Corr. |
2014-12-10 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
|
46 |
CVE-2014-8964 |
119 |
|
DoS Overflow |
2014-12-16 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. |
|
47 |
CVE-2014-8952 |
|
|
DoS |
2014-11-16 |
2017-09-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." |
|
48 |
CVE-2014-8951 |
|
|
DoS |
2014-11-16 |
2017-09-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. |
|
49 |
CVE-2014-8950 |
|
|
DoS |
2014-11-16 |
2017-09-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. |
|
50 |
CVE-2014-8901 |
399 |
|
DoS |
2014-12-18 |
2018-09-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query. |
