Vulnerabilities (CVE)

Filtered by CWE-20
Total 11603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3686 3 Canonical, Debian, W1.fi 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more 2026-06-17 6.8 MEDIUM N/A
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVE-2014-3673 7 Canonical, Debian, Linux and 4 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2026-06-17 7.8 HIGH 7.5 HIGH
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
CVE-2014-3645 1 Linux 1 Linux Kernel 2026-06-17 2.1 LOW N/A
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3609 1 Squid-cache 1 Squid 2026-06-17 5.0 MEDIUM N/A
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
CVE-2014-3589 3 Debian, Opensuse, Python 3 Python-imaging, Opensuse, Pillow 2026-06-17 5.0 MEDIUM N/A
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
CVE-2014-3573 1 Redhat 1 Enterprise Virtualization Manager 2026-06-17 6.5 MEDIUM N/A
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
CVE-2014-3567 1 Openssl 1 Openssl 2026-06-17 7.1 HIGH N/A
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
CVE-2014-3533 4 Debian, Freedesktop, Mageia Project and 1 more 4 Debian Linux, Dbus, Mageia and 1 more 2026-06-17 2.1 LOW N/A
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
CVE-2014-3532 6 Debian, Freedesktop, Linux and 3 more 6 Debian Linux, Dbus, Linux Kernel and 3 more 2026-06-17 2.1 LOW N/A
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
CVE-2014-3513 1 Openssl 1 Openssl 2026-06-17 7.1 HIGH N/A
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
CVE-2014-3498 1 Redhat 1 Ansible 2026-06-17 6.5 MEDIUM 8.8 HIGH
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
CVE-2014-3487 5 Debian, File Project, Opensuse and 2 more 5 Debian Linux, File, Opensuse and 2 more 2026-06-17 4.3 MEDIUM N/A
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3480 5 Debian, File Project, Opensuse and 2 more 5 Debian Linux, File, Opensuse and 2 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3440 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2026-06-17 9.0 HIGH N/A
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
CVE-2014-3395 1 Cisco 1 Webex Meetings Server 2026-06-17 5.0 MEDIUM N/A
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.
CVE-2014-3391 1 Cisco 1 Adaptive Security Appliance Software 2026-06-17 6.8 MEDIUM N/A
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
CVE-2014-3390 1 Cisco 1 Adaptive Security Appliance Software 2026-06-17 6.8 MEDIUM N/A
The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.
CVE-2014-3379 1 Cisco 3 Ios Xr, Network Convergence System 6000, Network Convergence System 6008 2026-06-17 6.1 MEDIUM N/A
Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.
CVE-2014-3378 1 Cisco 1 Ios Xr 2026-06-17 5.0 MEDIUM N/A
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
CVE-2014-3377 1 Cisco 1 Ios Xr 2026-06-17 4.0 MEDIUM N/A
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.