Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0234 | 7.5 |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in
|
13-02-2023 - 00:37 | 12-02-2020 - 01:15 | |
CVE-2014-0175 | 7.5 |
mcollective has a default password set at install
|
13-02-2023 - 00:34 | 13-12-2019 - 13:15 | |
CVE-2014-0084 | 2.1 |
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
|
13-02-2023 - 00:31 | 21-11-2019 - 15:15 | |
CVE-2014-4698 | 4.6 |
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio
|
19-01-2023 - 16:35 | 10-07-2014 - 11:06 | |
CVE-2014-4721 | 2.6 |
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent
|
19-01-2023 - 16:14 | 06-07-2014 - 23:55 | |
CVE-2014-0237 | 5.0 |
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
|
19-01-2023 - 15:44 | 01-06-2014 - 04:29 | |
CVE-2014-3515 | 7.5 |
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that
|
09-11-2022 - 03:05 | 09-07-2014 - 11:07 | |
CVE-2013-6712 | 5.0 |
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte
|
31-10-2022 - 15:01 | 28-11-2013 - 04:37 | |
CVE-2014-1943 | 5.0 |
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
|
31-10-2022 - 15:00 | 18-02-2014 - 19:55 | |
CVE-2014-0238 | 5.0 |
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero len
|
31-10-2022 - 14:54 | 01-06-2014 - 04:29 | |
CVE-2014-3479 | 4.3 |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (appli
|
28-10-2022 - 23:26 | 09-07-2014 - 11:07 | |
CVE-2014-3480 | 4.3 |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (appli
|
28-10-2022 - 23:25 | 09-07-2014 - 11:07 | |
CVE-2014-2270 | 4.3 |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
|
28-10-2022 - 23:23 | 14-03-2014 - 15:55 | |
CVE-2014-2497 | 4.3 |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
|
28-09-2022 - 20:39 | 21-03-2014 - 14:55 | |
CVE-2014-4049 | 5.1 |
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns
|
29-08-2022 - 20:05 | 18-06-2014 - 19:55 | |
CVE-2013-6420 | 7.5 |
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
|
30-10-2018 - 16:27 | 17-12-2013 - 04:46 | |
CVE-2014-3587 | 4.3 |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craf
|
05-01-2018 - 02:29 | 23-08-2014 - 01:55 | |
CVE-2014-3597 | 6.8 |
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS re
|
07-01-2017 - 03:00 | 23-08-2014 - 01:55 | |
CVE-2014-3669 | 7.5 |
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary
|
03-01-2017 - 02:59 | 29-10-2014 - 10:55 | |
CVE-2014-3670 | 6.8 |
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory
|
18-10-2016 - 03:44 | 29-10-2014 - 10:55 | |
CVE-2012-1571 | 4.3 |
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
|
08-03-2014 - 04:55 | 17-07-2012 - 21:55 |