Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2014-09-04 | 2.8 LOW | N/A |
| The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||
| CVE-2013-2595 | 1 Codeaurora | 1 Android-msm | 2014-09-02 | 7.2 HIGH | N/A |
| The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application. | |||||
| CVE-2014-5457 | 1 Qnap | 8 Ss-839, Ss-839 Firmware, Ts-459u and 5 more | 2014-08-26 | 2.1 LOW | N/A |
| QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | |||||
| CVE-2014-5453 | 1 Ubi | 1 Uplay Pc | 2014-08-26 | 7.2 HIGH | N/A |
| Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2014-3800 | 1 Xbmc | 1 Xbmc | 2014-08-07 | 2.1 LOW | N/A |
| XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | |||||
| CVE-2014-3772 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
| TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. | |||||
| CVE-2014-3771 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
| TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||||
| CVE-2014-0539 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2014-08-05 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. | |||||
| CVE-2014-0537 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2014-08-05 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. | |||||
| CVE-2014-1993 | 1 Cybozu | 1 Garoon | 2014-08-04 | 4.0 MEDIUM | N/A |
| The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-1996 | 1 Cybozu | 1 Garoon | 2014-08-04 | 7.5 HIGH | N/A |
| Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||||
| CVE-2014-2966 | 1 Caucho | 1 Resin | 2014-07-28 | 5.0 MEDIUM | N/A |
| The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
| CVE-2014-4685 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.6 MEDIUM | N/A |
| Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. | |||||
| CVE-2014-4684 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 6.0 MEDIUM | N/A |
| The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||||
| CVE-2014-4683 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.9 MEDIUM | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||||
| CVE-2014-1649 | 1 Symantec | 1 Workspace Streaming | 2014-07-24 | 7.9 HIGH | N/A |
| The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||||
| CVE-2014-3043 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2014-07-23 | 6.5 MEDIUM | N/A |
| IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. | |||||
| CVE-2014-5020 | 1 Drupal | 1 Drupal | 2014-07-22 | 4.9 MEDIUM | N/A |
| The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field. | |||||
| CVE-2014-0470 | 1 Super Project | 1 Super | 2014-07-18 | 7.2 HIGH | N/A |
| super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack. | |||||
| CVE-2014-1957 | 1 Fortinet | 1 Fortiweb | 2014-07-18 | 6.5 MEDIUM | N/A |
| FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||||