Security Vulnerabilities, CVEs, Published In June 2014
CVE-2014-3936
Public exploit
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Max CVSS
10.0
EPSS Score
95.78%
Published
2014-06-02
Updated
2023-04-26
CVE-2014-3913
Public exploit
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
Max CVSS
10.0
EPSS Score
89.30%
Published
2014-06-04
Updated
2015-08-31
CVE-2014-3804
Public exploit
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
Max CVSS
10.0
EPSS Score
95.53%
Published
2014-06-13
Updated
2017-09-16
CVE-2014-3153
Known exploited
Public exploit
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Max CVSS
7.2
EPSS Score
0.13%
Published
2014-06-07
Updated
2023-10-03
CISA KEV Added
2022-05-25
CVE-2014-0224
Public exploit
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Max CVSS
7.4
EPSS Score
97.41%
Published
2014-06-05
Updated
2022-08-16
CVE-2014-0195
Public exploit
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Max CVSS
6.8
EPSS Score
96.81%
Published
2014-06-05
Updated
2022-06-30
CVE-2013-6221
Public exploit
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
Max CVSS
10.0
EPSS Score
97.17%
Published
2014-06-18
Updated
2014-07-18
CVE-2013-3843
Public exploit
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
Max CVSS
6.8
EPSS Score
35.87%
Published
2014-06-13
Updated
2020-03-26
CVE-2013-1412
Public exploit
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Max CVSS
7.5
EPSS Score
97.02%
Published
2014-06-02
Updated
2014-06-03
9 vulnerabilities found