Total
11613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9755 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | |||||
| CVE-2014-9754 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | |||||
| CVE-2014-9751 | 6 Apple, Debian, Linux and 3 more | 8 Macos, Debian Linux, Linux Kernel and 5 more | 2026-06-17 | 6.8 MEDIUM | N/A |
| The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. | |||||
| CVE-2014-9750 | 4 Debian, Ntp, Oracle and 1 more | 6 Debian Linux, Ntp, Linux and 3 more | 2026-06-17 | 5.8 MEDIUM | N/A |
| ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | |||||
| CVE-2014-9746 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | |||||
| CVE-2014-9733 | 1 Nwjs | 1 Nw.js | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2026-06-17 | 4.3 MEDIUM | N/A |
| libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | |||||
| CVE-2014-9678 | 1 Flowpaper | 1 Flexpaper | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter. | |||||
| CVE-2014-9653 | 3 Debian, File Project, Php | 3 Debian Linux, File, Php | 2026-06-17 | 7.5 HIGH | N/A |
| readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2014-9645 | 1 Busybox | 1 Busybox | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | |||||
| CVE-2014-9603 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | 7.5 HIGH | N/A |
| The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. | |||||
| CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2026-06-17 | 5.0 MEDIUM | N/A |
| Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | |||||
| CVE-2014-9598 | 1 Videolan | 1 Vlc Media Player | 2026-06-17 | 6.8 MEDIUM | N/A |
| The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. | |||||
| CVE-2014-9597 | 1 Videolan | 1 Vlc Media Player | 2026-06-17 | 6.8 MEDIUM | N/A |
| The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | |||||
| CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2026-06-17 | 2.1 LOW | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
| CVE-2014-9509 | 1 Typo3 | 1 Typo3 | 2026-06-17 | 7.5 HIGH | N/A |
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | |||||
| CVE-2014-9462 | 2 Mercurial, Opensuse | 2 Mercurial, Opensuse | 2026-06-17 | 7.5 HIGH | N/A |
| The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. | |||||
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2026-06-17 | 2.1 LOW | N/A |
| The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||||
| CVE-2014-9415 | 1 Huawei | 1 Espace Desktop | 2026-06-17 | 1.9 LOW | N/A |
| Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | |||||
| CVE-2014-9410 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.2 HIGH | 9.8 CRITICAL |
| The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | |||||
