Total
5469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8148 | 2 Midgard-project, Opensuse | 2 Midgard2, Opensuse | 2025-04-12 | N/A |
| The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. | ||||
| CVE-2014-8268 | 1 Qpr | 1 Portal | 2025-04-12 | N/A |
| QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. | ||||
| CVE-2014-2068 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | ||||
| CVE-2016-2448 | 1 Google | 1 Android | 2025-04-12 | N/A |
| media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704. | ||||
| CVE-2014-8494 | 1 Estsoft | 1 Alupdate | 2025-04-12 | N/A |
| ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2014-8453 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2014-8605 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/. | ||||
| CVE-2014-8612 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. | ||||
| CVE-2014-2173 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | N/A |
| Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. | ||||
| CVE-2014-1993 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2016-2449 | 1 Google | 1 Android | 2025-04-12 | N/A |
| services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958. | ||||
| CVE-2014-8988 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. | ||||
| CVE-2014-9024 | 1 Protected Pages Project | 1 Protected Pages | 2025-04-12 | N/A |
| The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | ||||
| CVE-2014-9026 | 1 Ubercart | 1 Ubercart | 2025-04-12 | N/A |
| The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-2452 | 1 Google | 1 Android | 2025-04-12 | N/A |
| codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673. | ||||
| CVE-2014-9141 | 1 Thomsonreuters | 1 Fixed Assets Cs | 2025-04-12 | N/A |
| The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | ||||
| CVE-2014-1989 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | ||||
| CVE-2014-9226 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | N/A |
| The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | ||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2025-04-12 | N/A |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | ||||
| CVE-2014-2058 | 1 Jenkins | 1 Jenkins | 2025-04-12 | N/A |
| BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. | ||||