Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-5147 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | ||||
CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2024-08-06 | N/A |
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | ||||
CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2024-08-06 | N/A |
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-08-06 | 8.8 High |
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | ||||
CVE-2014-5040 | 1 Eucalyptus | 1 Eucalyptus | 2024-08-06 | N/A |
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID. | ||||
CVE-2014-4976 | 1 Sonicwall | 1 Scrutinizer | 2024-08-06 | N/A |
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | ||||
CVE-2014-5031 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2024-08-06 | N/A |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | ||||
CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2024-08-06 | N/A |
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | ||||
CVE-2014-5015 | 2 Eterna, Netbsd | 2 Bozohttpd, Netbsd | 2024-08-06 | N/A |
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | ||||
CVE-2014-4987 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-08-06 | N/A |
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. | ||||
CVE-2014-4919 | 1 Oxid-esales | 1 Eshop | 2024-08-06 | 5.4 Medium |
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | ||||
CVE-2014-4810 | 1 Ibm | 1 Cognos Mobile | 2024-08-06 | N/A |
IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | ||||
CVE-2014-4817 | 1 Ibm | 1 Tivoli Storage Manager | 2024-08-06 | N/A |
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | ||||
CVE-2014-4867 | 1 Cryoserver | 1 Cryoserver Security Appliance | 2024-08-06 | N/A |
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program. | ||||
CVE-2014-4830 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-06 | N/A |
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
CVE-2014-4869 | 1 Brocade | 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software | 2024-08-06 | N/A |
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. | ||||
CVE-2014-4802 | 1 Ibm | 1 Business Process Manager | 2024-08-06 | N/A |
The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. | ||||
CVE-2014-4844 | 1 Ibm | 1 Business Process Manager | 2024-08-06 | N/A |
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. | ||||
CVE-2014-4793 | 1 Ibm | 1 Websphere Mq | 2024-08-06 | N/A |
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | ||||
CVE-2014-4790 | 1 Ibm | 2 Emptoris Sourcing Portfolio, Emptoris Spend Analysis | 2024-08-06 | N/A |
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue. |