Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1217 | 1 Livetecs | 1 Timeline | 2024-11-21 | 7.5 HIGH | N/A |
| Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors. | |||||
| CVE-2014-1213 | 1 Sophos | 2 Scanning Engine, Sophos Anti-virus | 2024-11-21 | 5.6 MEDIUM | N/A |
| Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects. | |||||
| CVE-2014-10070 | 1 Zsh Project | 1 Zsh | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. | |||||
| CVE-2014-10058 | 1 Qualcomm | 30 Sd 205, Sd 205 Firmware, Sd 210 and 27 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time. | |||||
| CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | |||||
| CVE-2014-10054 | 1 Qualcomm | 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation. | |||||
| CVE-2014-0984 | 1 Sap | 1 Router | 2024-11-21 | 4.3 MEDIUM | N/A |
| The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | |||||
| CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2024-11-21 | 1.9 LOW | N/A |
| The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | |||||
| CVE-2014-0972 | 1 Codeaurora | 1 Android-msm | 2024-11-21 | 7.2 HIGH | N/A |
| The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register. | |||||
| CVE-2014-0960 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 6.6 MEDIUM | N/A |
| IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. | |||||
| CVE-2014-0936 | 1 Ibm | 1 Security Appscan Source | 2024-11-21 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-0908 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | 6.0 MEDIUM | N/A |
| The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. | |||||
| CVE-2014-0906 | 1 Ibm | 1 Sametime | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. | |||||
| CVE-2014-0905 | 1 Ibm | 1 Infosphere Biginsights | 2024-11-21 | 2.9 LOW | N/A |
| IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-0899 | 1 Ibm | 1 Aix | 2024-11-21 | 6.5 MEDIUM | N/A |
| ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands. | |||||
| CVE-2014-0888 | 1 Ibm | 2 Mobile Foundation, Worklight | 2024-11-21 | 4.9 MEDIUM | N/A |
| IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors. | |||||
| CVE-2014-0877 | 1 Ibm | 1 Cognos Tm1 | 2024-11-21 | 5.0 MEDIUM | N/A |
| IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | |||||
| CVE-2014-0875 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2024-11-21 | 3.5 LOW | N/A |
| Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. | |||||
| CVE-2014-0858 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 3.5 LOW | N/A |
| IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | |||||
| CVE-2014-0854 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 5.0 MEDIUM | N/A |
| The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||