| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 9 |
| ID | CVSS | CVSS3 | Summary | Last (major) update | Published | |
|---|---|---|---|---|---|---|
| CVE-2014-3566 | 4.3 | 3.4 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
|
2021-08-31 - 15:44 | 2014-10-15 - 00:55 | |
| CVE-2014-6271 | 10.0 | 9.8 |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
|
2021-02-01 - 21:38 | 2014-09-24 - 18:48 | |
| CVE-2014-7169 | 10.0 | None |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
|
2018-11-30 - 21:29 | 2014-09-25 - 01:55 | |
| CVE-2014-7186 | 10.0 | None |
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
|
2018-10-09 - 19:52 | 2014-09-28 - 19:55 | |
| CVE-2014-7187 | 10.0 | None |
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
|
2018-10-09 - 19:52 | 2014-09-28 - 19:55 | |
| CVE-2014-6277 | 10.0 | None |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
|
2018-08-09 - 01:29 | 2014-09-27 - 22:55 | |
| CVE-2014-6278 | 10.0 | None |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
|
2018-08-09 - 01:29 | 2014-09-30 - 10:55 | |
| CVE-2014-3567 | 7.1 | None |
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
|
2017-11-15 - 02:29 | 2014-10-19 - 01:55 | |
| CVE-2014-3513 | 7.1 | None |
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
|
2017-01-03 - 02:59 | 2014-10-19 - 01:55 |