Vulnerabilities (CVE)

Filtered by CWE-20
Total 11611 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8160 6 Canonical, Debian, Linux and 3 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2026-06-17 5.0 MEDIUM N/A
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
CVE-2014-8153 2 Litech, Openstack 2 Router Advertisement Daemon, Neutron 2026-06-17 4.0 MEDIUM N/A
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
CVE-2014-8149 1 Opendaylight 1 Defense4all 2026-06-17 6.5 MEDIUM 8.8 HIGH
OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.
CVE-2014-8126 1 Wisc 1 Htcondor 2026-06-17 6.5 MEDIUM 8.8 HIGH
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.
CVE-2014-8119 3 Fedoraproject, Netcf Project, Redhat 3 Fedora, Netcf, Enterprise Linux 2026-06-17 5.0 MEDIUM 7.5 HIGH
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
CVE-2014-8036 1 Cisco 1 Webex Meetings Server 2026-06-17 5.0 MEDIUM N/A
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.
CVE-2014-8013 1 Cisco 1 Nx-os 2026-06-17 4.9 MEDIUM N/A
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.
CVE-2014-8010 1 Cisco 1 Unified Communications Domain Manager 2026-06-17 6.5 MEDIUM N/A
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.
CVE-2014-8003 1 Cisco 1 Unified Computing System 2026-06-17 7.2 HIGH N/A
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.
CVE-2014-7994 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2026-06-17 5.4 MEDIUM N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
CVE-2014-7990 1 Cisco 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more 2026-06-17 6.8 MEDIUM N/A
Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.
CVE-2014-7989 1 Cisco 8 B200 M3, B200 M4, B22 M3 and 5 more 2026-06-17 6.8 MEDIUM N/A
Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.
CVE-2014-7899 1 Google 1 Chrome 2026-06-17 5.0 MEDIUM N/A
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
CVE-2014-7861 1 Apple 1 Mac Os X 2026-06-17 9.3 HIGH N/A
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
CVE-2014-7840 2 Qemu, Redhat 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more 2026-06-17 7.5 HIGH N/A
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2014-7839 1 Redhat 1 Resteasy 2026-06-17 6.4 MEDIUM N/A
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
CVE-2014-7821 3 Fedoraproject, Openstack, Redhat 3 Fedora, Neutron, Openstack 2026-06-17 4.0 MEDIUM N/A
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVE-2014-7817 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Glibc and 1 more 2026-06-17 4.6 MEDIUM N/A
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
CVE-2014-7815 5 Canonical, Debian, Qemu and 2 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2026-06-17 5.0 MEDIUM N/A
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7278 1 Zyxel 2 Sbg3300-n, Sbg3300-n Firmware 2026-06-17 5.0 MEDIUM N/A
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.