Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4493 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.5 HIGH | N/A |
| The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | |||||
| CVE-2014-4463 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | N/A |
| Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||||
| CVE-2014-4457 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.5 HIGH | N/A |
| The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | |||||
| CVE-2014-4455 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 2.1 LOW | N/A |
| dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | |||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2014-4446 | 1 Apple | 1 Os X Server | 2024-11-21 | 2.1 LOW | N/A |
| Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | |||||
| CVE-2014-4441 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | N/A |
| NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | |||||
| CVE-2014-4437 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | N/A |
| LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | |||||
| CVE-2014-4431 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | N/A |
| Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||||
| CVE-2014-4427 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | N/A |
| App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | |||||
| CVE-2014-4423 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | |||||
| CVE-2014-4368 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.9 MEDIUM | N/A |
| The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | |||||
| CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | N/A |
| Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||
| CVE-2014-4354 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.8 MEDIUM | N/A |
| Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | |||||
| CVE-2014-4338 | 1 Linuxfoundation | 1 Cups-filters | 2024-11-21 | 4.0 MEDIUM | N/A |
| cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | |||||
| CVE-2014-4200 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2024-11-21 | 4.7 MEDIUM | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. | |||||
| CVE-2014-4167 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2024-11-21 | 3.5 LOW | N/A |
| The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | |||||
| CVE-2014-4157 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 MEDIUM | N/A |
| arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. | |||||
| CVE-2014-4154 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 5.0 MEDIUM | N/A |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. | |||||
| CVE-2014-4140 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||