Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9141 | 1 Thomsonreuters | 1 Fixed Assets Cs | 2024-02-28 | 7.2 HIGH | N/A |
| The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | |||||
| CVE-2014-4455 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 2.1 LOW | N/A |
| dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | |||||
| CVE-2014-0542 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. | |||||
| CVE-2013-6728 | 1 Ibm | 1 Websphere Dashboard Framework | 2024-02-28 | 5.8 MEDIUM | N/A |
| The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. | |||||
| CVE-2014-2646 | 1 Hp | 1 Network Automation | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2014-3772 | 1 Teampass | 1 Teampass | 2024-02-28 | 7.5 HIGH | N/A |
| TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. | |||||
| CVE-2013-6775 | 2 Chainfire, Google | 2 Supersu, Android | 2024-02-28 | 10.0 HIGH | N/A |
| The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | |||||
| CVE-2015-1117 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 6.9 MEDIUM | N/A |
| The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. | |||||
| CVE-2014-4621 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-02-28 | 9.3 HIGH | N/A |
| A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | |||||
| CVE-2013-5464 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2024-02-28 | 6.0 MEDIUM | N/A |
| IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors. | |||||
| CVE-2014-2068 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 3.5 LOW | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | |||||
| CVE-2013-1841 | 1 Seamons | 1 Net-server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. | |||||
| CVE-2015-1481 | 1 Ansible | 1 Tower | 2024-02-28 | 6.5 MEDIUM | N/A |
| Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. | |||||
| CVE-2015-3029 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2019 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
| The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | |||||
| CVE-2014-4758 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL. | |||||
| CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
| Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||
| CVE-2014-6102 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2024-02-28 | 2.1 LOW | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. | |||||
| CVE-2009-5138 | 1 Gnu | 1 Gnutls | 2024-02-28 | 5.8 MEDIUM | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | |||||