Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0051 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||
CVE-2014-9642 | 1 Bullguard | 4 Bdagent.sys, Internet Security, Online Backup and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. | |||||
CVE-2014-6041 | 1 Google | 1 Android Browser | 2024-02-28 | 5.8 MEDIUM | N/A |
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser. | |||||
CVE-2014-4122 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." | |||||
CVE-2014-2520 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 6.3 MEDIUM | N/A |
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. | |||||
CVE-2014-3472 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 4.9 MEDIUM | N/A |
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. | |||||
CVE-2014-0473 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-02-28 | 5.0 MEDIUM | N/A |
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | |||||
CVE-2014-0525 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls. | |||||
CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2024-02-28 | 7.5 HIGH | N/A |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||||
CVE-2013-4331 | 1 Robert Ancell | 1 Lightdm | 2024-02-28 | 2.1 LOW | N/A |
Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2012-0875 | 1 Systemtap | 1 Systemtap | 2024-02-28 | 5.4 MEDIUM | N/A |
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer. | |||||
CVE-2014-0135 | 1 Theforeman | 1 Kafo | 2024-02-28 | 1.9 LOW | N/A |
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | |||||
CVE-2014-3464 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 5.5 MEDIUM | N/A |
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133. | |||||
CVE-2014-4495 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 10.0 HIGH | N/A |
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | |||||
CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | N/A |
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | |||||
CVE-2014-3019 | 1 Ibm | 4 Sas Connectivity Module, Sas Connectivity Module Firmware, Sas Raid Module and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session. | |||||
CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2024-02-28 | 3.6 LOW | N/A |
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2024-02-28 | 2.1 LOW | N/A |
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | |||||
CVE-2014-1666 | 1 Xen | 1 Xen | 2024-02-28 | 8.3 HIGH | N/A |
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | |||||
CVE-2014-4062 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability." | |||||