Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4973 | 1 Eset | 2 Endpoint Security, Smart Security | 2014-09-24 | 6.9 MEDIUM | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | |||||
| CVE-2014-2284 | 1 Net-snmp | 1 Net-snmp | 2014-09-12 | 5.0 MEDIUM | N/A |
| The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-2598 | 1 Codeaurora | 1 Android-msm | 2014-09-02 | 6.6 MEDIUM | N/A |
| app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory. | |||||
| CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2014-09-02 | 4.3 MEDIUM | N/A |
| DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
| CVE-2014-5398 | 1 Invensys | 1 Wonderware Information Server | 2014-08-28 | 2.1 LOW | N/A |
| Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0762 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2014-08-28 | 4.7 MEDIUM | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. | |||||
| CVE-2014-0761 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2014-08-28 | 7.1 HIGH | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. | |||||
| CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2014-08-04 | 6.4 MEDIUM | N/A |
| The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | |||||
| CVE-2014-3817 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-07-31 | 7.8 HIGH | N/A |
| Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. | |||||
| CVE-2014-2966 | 1 Caucho | 1 Resin | 2014-07-28 | 5.0 MEDIUM | N/A |
| The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
| CVE-2014-3815 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-07-23 | 7.8 HIGH | N/A |
| Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. | |||||
| CVE-2014-4503 | 2 Cgminer Project, Sgminer Project | 2 Cgminer, Sgminer | 2014-07-23 | 4.3 MEDIUM | N/A |
| The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. | |||||
| CVE-2014-5019 | 1 Drupal | 1 Drupal | 2014-07-22 | 5.0 MEDIUM | N/A |
| The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. | |||||
| CVE-2014-3819 | 1 Juniper | 1 Junos | 2014-07-17 | 7.8 HIGH | N/A |
| Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet. | |||||
| CVE-2014-3822 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-07-16 | 5.4 MEDIUM | N/A |
| Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | |||||
| CVE-2014-3889 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890. | |||||
| CVE-2014-3890 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. | |||||
| CVE-2014-3814 | 1 Juniper | 3 Netscreen-5200, Netscreen-5400, Screenos | 2014-06-25 | 7.8 HIGH | N/A |
| The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. | |||||
| CVE-2012-5572 | 1 Dancer | 1 Dancer | 2014-06-24 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526. | |||||
| CVE-2014-3216 | 1 Gomlab | 1 Gom Media Player | 2014-06-24 | 4.3 MEDIUM | N/A |
| GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | |||||