CVE-2014-0294
published 2014-02-12CVE-2014-0294: Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code…
PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
20.89%
97.2th percentile
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r699-wgcm-v7qp: Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrar
ghsa_unreviewed·2022-05-14
CVE-2014-0294 [HIGH] CWE-94 GHSA-r699-wgcm-v7qp: Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrar
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
OSV
gnutls26, gnutls28 vulnerabilities
osv·2015-03-23·CVSS 4.3
CVE-2014-8155 gnutls26, gnutls28 vulnerabilities
gnutls26, gnutls28 vulnerabilities
It was discovered that GnuTLS did not perform date and time checks on
CA certificates, contrary to expectations. This issue only affected
Ubuntu 10.04 LTS. (CVE-2014-8155)
Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that
signature algorithms matched. A remote attacker could possibly use this
issue to downgrade to a disallowed algorithm. This issue only affected
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0282)
It was discovered that GnuTLS incorrectly verified certificate algorithms.
A remote attacker could possibly use this issue to downgrade to a
disallowed algorithm. (CVE-2015-0294)
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
blogs_talos·2014-02-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
The Microsoft Updates are pretty significant this month. Internet Explorer, which was missing from the updates for the first time in a long time last month is back with a whopping 24 vulnerabilities. Besides the IE bulletin, there’s six more bulletins, 4 of which are rated critical and 3 of which are rated important. All-in-all, this Update Tuesday provides fixes for 32 CVEs. The list of bulletins below is ordered by rating rather than number (i.e., the same ordering as used here: https://technet.microsoft.com/en-us/security/bulletin/ms14-feb).
The first bulletin, MS14-010, deals with IE and is rated critical and provides fixes for 24 CVEs. As is usual, most of the vulnerabilities are the result of use-after-free vulnerabilities. Most of the vulnerabilities were reported privately to Micr
Talos
Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
blogs_talos·2014-02-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
## Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
The Microsoft Updates are pretty significant this month. Internet Explorer, which was missing from the updates for the first time in a long time last month is back with a whopping 24 vulnerabilities. Besides the IE bulletin, there’s six more bulletins, 4 of which are rated critical and 3 of which are rated important. All-in-all, this Update Tuesday provides fixes for 32 CVEs. The list of bulletins below is ordered by rating rather than number (i.e., the same ordering as used here: https://technet.microsoft.com/en-us/security/bulletin/ms14-feb).
The first bulletin, MS14-010 , deals with IE and is rated critical and provides fixes for 24 CVEs. As is usual, most of the vulnerabilities are the result of use-after-free
http://osvdb.org/103161http://secunia.com/advisories/56788http://www.securityfocus.com/bid/65397http://www.securitytracker.com/id/1029744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-008http://osvdb.org/103161http://secunia.com/advisories/56788http://www.securityfocus.com/bid/65397http://www.securitytracker.com/id/1029744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-008
2014-02-12
Published