CVE-2014-1301

Affected configuration(s):

cpe:/a:apple:itunes:12.0
cpe:/a:apple:safari:6.0
cpe:/a:apple:safari:6.0.1
cpe:/a:apple:safari:6.0.2
cpe:/a:apple:safari:6.0.3
cpe:/a:apple:safari:6.0.4
cpe:/a:apple:safari:6.0.5
cpe:/a:apple:safari:6.1
cpe:/a:apple:safari:6.1.1
cpe:/a:apple:safari:6.1.2
cpe:/a:apple:safari:7.0
cpe:/a:apple:safari:7.0.1
cpe:/a:apple:safari:7.0.2

Date published: 2014-04-02T12:17:06.947-04:00

Date last modified: 2016-12-22T09:36:21.563-05:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

Summary: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

CVE-2014-8241

Affected configuration(s):

cpe:/a:tigervnc:tigervnc:-
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2016-12-14T17:59:00.200-05:00

Date last modified: 2016-12-19T21:59:05.867-05:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://seclists.org/oss-sec/2014/q4/278

Summary: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CVE-2014-5353

Affected configuration(s):

cpe:/a:mit:kerberos:5-1.13

Date published: 2014-12-16T18:59:00.073-05:00

Date last modified: 2017-01-02T21:59:06.420-05:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2014-0536.html

Summary: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

CVE-2014-4975

Affected configuration(s):

cpe:/a:ruby-lang:ruby:1.9.3
cpe:/a:ruby-lang:ruby:2.0
cpe:/a:ruby-lang:ruby:2.0.0
cpe:/a:ruby-lang:ruby:2.0.0:p0
cpe:/a:ruby-lang:ruby:2.0.0:p195
cpe:/a:ruby-lang:ruby:2.0.0:p247
cpe:/a:ruby-lang:ruby:2.0.0:preview1
cpe:/a:ruby-lang:ruby:2.0.0:preview2
cpe:/a:ruby-lang:ruby:2.0.0:rc1
cpe:/a:ruby-lang:ruby:2.0.0:rc2
cpe:/a:ruby-lang:ruby:2.1:-
cpe:/a:ruby-lang:ruby:2.1:preview1
cpe:/a:ruby-lang:ruby:2.1.1
cpe:/a:ruby-lang:ruby:2.1.2
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2014-11-15T15:59:01.453-05:00

Date last modified: 2017-08-28T21:35:10.577-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://advisories.mageia.org/MGASA-2014-0472.html

Summary: Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

CVE-2014-4132

Affected configuration(s):

cpe:/a:microsoft:internet_explorer:11:-

Date published: 2014-10-15T06:55:08.347-04:00

Date last modified: 2016-12-09T13:25:27.017-05:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-056

Summary: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-4130 and CVE-2014-4138.

CVE-2014-4126

Affected configuration(s):

cpe:/a:microsoft:internet_explorer:10
cpe:/a:microsoft:internet_explorer:11:-

Date published: 2014-10-15T06:55:08.130-04:00

Date last modified: 2016-12-09T13:25:13.310-05:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-056

Summary: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”

CVE-2014-4128

Affected configuration(s):

cpe:/a:microsoft:internet_explorer:6
cpe:/a:microsoft:internet_explorer:7
cpe:/a:microsoft:internet_explorer:8
cpe:/a:microsoft:internet_explorer:9
cpe:/a:microsoft:internet_explorer:10
cpe:/a:microsoft:internet_explorer:11:-

Date published: 2014-10-15T06:55:08.223-04:00

Date last modified: 2016-12-09T13:24:55.447-05:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-056

Summary: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”

CVE-2014-6363

Affected configuration(s):

cpe:/a:microsoft:internet_explorer:6
cpe:/a:microsoft:internet_explorer:7
cpe:/a:microsoft:internet_explorer:8
cpe:/a:microsoft:internet_explorer:9
cpe:/a:microsoft:internet_explorer:10
cpe:/a:microsoft:internet_explorer:11:-
cpe:/a:microsoft:vbscript:5.6
cpe:/a:microsoft:vbscript:5.7
cpe:/a:microsoft:vbscript:5.8

Date published: 2014-12-10T19:59:13.440-05:00

Date last modified: 2017-09-02T21:29:01.217-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-080

Summary: vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “VBScript Memory Corruption Vulnerability.”

CVE-2014-1421

Affected configuration(s):

cpe:/o:canonical:ubuntu_linux:14.10

Date published: 2014-11-25T10:59:00.090-05:00

Date last modified: 2016-12-08T09:46:53.007-05:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://www.ubuntu.com/usn/USN-2411-1

Summary: mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.