Total
3098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | ||||
| CVE-2014-3624 | 1 Apache | 1 Traffic Server | 2024-11-21 | N/A |
| Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | ||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2024-11-21 | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | ||||
| CVE-2014-3613 | 3 Apple, Haxx, Redhat | 4 Mac Os X, Curl, Libcurl and 1 more | 2024-11-21 | N/A |
| cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | ||||
| CVE-2014-3519 | 1 Openvz | 1 Vzkernel | 2024-11-21 | N/A |
| The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | ||||
| CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | N/A |
| The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | ||||
| CVE-2014-2277 | 1 Perltidy Project | 1 Perltidy | 2024-11-21 | 7.1 High |
| The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function. | ||||
| CVE-2014-2174 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2024-11-21 | N/A |
| Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. | ||||
| CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
| The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | ||||
| CVE-2014-1949 | 3 Canonical, Gnome, Linuxmint | 3 Ubuntu, Gtk, Linux Mint | 2024-11-21 | N/A |
| GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | ||||
| CVE-2014-1589 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-11-21 | N/A |
| Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | ||||
| CVE-2014-1449 | 1 Maxthon | 1 Maxthon Cloud Browser | 2024-11-21 | N/A |
| The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. | ||||
| CVE-2014-1400 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | ||||
| CVE-2014-1399 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | ||||
| CVE-2014-1398 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | ||||
| CVE-2014-125054 | 1 Reddit-on-rails Project | 1 Reddit-on-rails | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-10059 | 1 Qualcomm | 14 Mdm9615, Mdm9615 Firmware, Mdm9625 and 11 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge. | ||||
| CVE-2014-10053 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application. | ||||
| CVE-2014-10050 | 1 Qualcomm | 12 Msm8917, Msm8917 Firmware, Msm8939 and 9 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block. | ||||
| CVE-2014-0881 | 1 Ibm | 2 Flex System X222, Integrated Management Module Firmware | 2024-11-21 | N/A |
| The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. | ||||