Export limit exceeded: 363337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3674 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2014-3675 1 Redhat 2 Enterprise Linux, Shim 2025-04-12 N/A
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2014-3676 1 Redhat 2 Enterprise Linux, Shim 2025-04-12 N/A
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
CVE-2014-3677 1 Redhat 2 Enterprise Linux, Shim 2025-04-12 N/A
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
CVE-2014-3678 2 Jenkins-ci, Redhat 2 Monitoring Plugin, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3679 1 Jenkins-ci 1 Monitoring Plugin 2025-04-12 N/A
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
CVE-2014-3680 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
CVE-2014-3681 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3682 1 Redhat 3 Jboss Bpms, Jboss Brms, Jbpm-designer 2025-04-12 N/A
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
CVE-2014-3683 2 Rsyslog, Sysklogd Project 2 Rsyslog, Sysklogd 2025-04-12 N/A
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
CVE-2014-3684 1 Adaptivecomputing 1 Torque Resource Manager 2025-04-12 N/A
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.
CVE-2014-3686 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 N/A
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVE-2014-3687 8 Canonical, Debian, Linux and 5 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2025-04-12 7.5 High
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
CVE-2014-3688 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
CVE-2014-3689 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 N/A
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2014-3690 7 Canonical, Debian, Linux and 4 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2025-04-12 5.5 Medium
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
CVE-2014-3691 2 Redhat, Theforeman 5 Openstack, Openstack-installer, Satellite and 2 more 2025-04-12 N/A
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVE-2014-3692 1 Redhat 2 Cloudforms 3.1 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
CVE-2014-3693 4 Canonical, Libreoffice, Opensuse and 1 more 7 Ubuntu Linux, Libreoffice, Opensuse and 4 more 2025-04-12 N/A
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
CVE-2014-3694 5 Canonical, Debian, Opensuse and 2 more 5 Ubuntu Linux, Debian Linux, Opensuse and 2 more 2025-04-12 N/A
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.