Total
1750 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2277 | 1 Perltidy Project | 1 Perltidy | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function. | |||||
| CVE-2014-2174 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2024-11-21 | 8.3 HIGH | N/A |
| Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. | |||||
| CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | |||||
| CVE-2014-1949 | 3 Canonical, Gnome, Linuxmint | 3 Ubuntu, Gtk, Linux Mint | 2024-11-21 | 7.2 HIGH | N/A |
| GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | |||||
| CVE-2014-1589 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-11-21 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | |||||
| CVE-2014-1449 | 1 Maxthon | 1 Maxthon Cloud Browser | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. | |||||
| CVE-2014-1400 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | |||||
| CVE-2014-1399 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | |||||
| CVE-2014-1398 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | |||||
| CVE-2014-125054 | 1 Reddit-on-rails Project | 1 Reddit-on-rails | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-10059 | 1 Qualcomm | 14 Mdm9615, Mdm9615 Firmware, Mdm9625 and 11 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge. | |||||
| CVE-2014-10053 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application. | |||||
| CVE-2014-10050 | 1 Qualcomm | 12 Msm8917, Msm8917 Firmware, Msm8939 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block. | |||||
| CVE-2014-0881 | 1 Ibm | 2 Flex System X222, Integrated Management Module Firmware | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. | |||||
| CVE-2014-0578 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. | |||||
| CVE-2014-0228 | 1 Apache | 1 Hive | 2024-11-21 | 3.5 LOW | N/A |
| Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | |||||
| CVE-2013-7461 | 1 Mcafee | 2 Application Control, Change Control | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. | |||||
| CVE-2013-7460 | 1 Mcafee | 2 Application Control, Change Control | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. | |||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2024-11-21 | 5.0 MEDIUM | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | |||||
| CVE-2013-6739 | 1 Ibm | 1 Spss Modeler | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. | |||||