Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2966 | 1 Caucho | 1 Resin | 2024-02-28 | 5.0 MEDIUM | N/A |
| The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
| CVE-2014-4684 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2024-02-28 | 6.0 MEDIUM | N/A |
| The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||||
| CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2024-02-28 | 6.9 MEDIUM | N/A |
| McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | |||||
| CVE-2014-9113 | 1 Cchgroup | 1 Prosystem Fx Engagement | 2024-02-28 | 7.2 HIGH | N/A |
| CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file. | |||||
| CVE-2014-1933 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2024-02-28 | 2.1 LOW | N/A |
| The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | |||||
| CVE-2015-0337 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2014-0093 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 5.8 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2014-3170 | 1 Google | 1 Chrome | 2024-02-28 | 6.4 MEDIUM | N/A |
| extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. | |||||
| CVE-2014-6181 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-28 | 4.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-3172 | 1 Google | 1 Chrome | 2024-02-28 | 6.4 MEDIUM | N/A |
| The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. | |||||
| CVE-2014-8368 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 9.0 HIGH | N/A |
| The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-7288 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2024-02-28 | 9.0 HIGH | N/A |
| Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. | |||||
| CVE-2013-6657 | 1 Google | 1 Chrome | 2024-02-28 | 6.4 MEDIUM | N/A |
| core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2572 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors. | |||||
| CVE-2014-0518 | 4 Adobe, Apple, Linux and 1 more | 5 Adobe Air, Flash Player, Mac Os X and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520. | |||||
| CVE-2014-5507 | 1 Pro Softnet Corporation | 1 Ibackup | 2024-02-28 | 7.2 HIGH | N/A |
| iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2014-4368 | 1 Apple | 1 Iphone Os | 2024-02-28 | 6.9 MEDIUM | N/A |
| The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | |||||
| CVE-2014-8989 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
| The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. | |||||
| CVE-2013-3066 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2024-02-28 | 7.1 HIGH | N/A |
| Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | |||||
| CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2024-02-28 | 4.4 MEDIUM | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | |||||