| Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-8169 | 4.4 |
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges v
|
13-02-2023 - 00:44 | 18-03-2015 - 16:59 | |
| CVE-2014-3565 | 5.0 |
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB f
|
13-02-2023 - 00:40 | 07-10-2014 - 14:55 | |
| CVE-2012-2662 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2
|
13-02-2023 - 00:25 | 13-08-2012 - 20:55 | |
| CVE-2015-1867 | 7.5 |
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
|
12-02-2023 - 23:15 | 12-08-2015 - 14:59 | |
| CVE-2015-4142 | 4.3 |
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which
|
17-05-2022 - 07:15 | 15-06-2015 - 15:59 | |
| CVE-2013-5704 | 5.0 |
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s
|
14-04-2022 - 16:47 | 15-04-2014 - 10:55 | |
| CVE-2015-1819 | 5.0 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
|
27-12-2019 - 16:08 | 14-08-2015 - 18:59 | |
| CVE-2014-7185 | 6.4 |
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
|
25-10-2019 - 11:53 | 08-10-2014 - 17:55 | |
| CVE-2014-9273 | 4.6 |
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
|
30-10-2018 - 16:27 | 08-12-2014 - 16:59 | |
| CVE-2015-3148 | 5.0 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
|
30-10-2018 - 16:27 | 24-04-2015 - 14:59 | |
| CVE-2015-4620 | 7.8 |
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon ex
|
30-10-2018 - 16:27 | 08-07-2015 - 14:59 | |
| CVE-2015-1345 | 2.1 |
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
|
30-10-2018 - 16:27 | 12-02-2015 - 16:59 | |
| CVE-2014-9680 | 2.1 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
|
05-01-2018 - 02:29 | 24-04-2017 - 06:59 | |
| CVE-2014-2015 | 7.5 |
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and p
|
05-01-2018 - 02:29 | 02-11-2014 - 00:55 | |
| CVE-2014-4039 | 2.1 |
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var
|
07-01-2017 - 03:00 | 17-06-2014 - 15:55 | |
| CVE-2015-3339 | 6.2 |
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but t
|
31-12-2016 - 02:59 | 27-05-2015 - 10:59 | |
| CVE-2015-2741 | 4.3 |
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to b
|
28-12-2016 - 02:59 | 06-07-2015 - 02:01 | |
| CVE-2015-2775 | 7.6 |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
|
24-12-2016 - 02:59 | 13-04-2015 - 14:59 | |
| CVE-2014-9447 | 6.4 |
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using
|
18-04-2015 - 01:59 | 02-01-2015 - 20:59 |