Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-08-06 | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2024-08-06 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-1887 | 2 Adobe, Drinkedin | 2 Phonegap, Drinkedin Barfinder | 2024-08-06 | N/A |
| The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com. | ||||
| CVE-2014-1989 | 1 Cybozu | 1 Garoon | 2024-08-06 | N/A |
| Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | ||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-08-06 | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-08-06 | N/A |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | ||||
| CVE-2014-1959 | 1 Gnu | 1 Gnutls | 2024-08-06 | N/A |
| lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. | ||||
| CVE-2014-1883 | 1 Adobe | 1 Phonegap | 2024-08-06 | N/A |
| Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
| CVE-2014-1933 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2024-08-06 | N/A |
| The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | ||||
| CVE-2014-1881 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2024-08-06 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. | ||||
| CVE-2014-1903 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2024-08-06 | N/A |
| admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | ||||
| CVE-2014-1886 | 2 Adobe, Edinburghtour | 2 Phonegap, Edinburgh By Bus | 2024-08-06 | N/A |
| The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites." | ||||
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2024-08-06 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | ||||
| CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2024-08-06 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
| CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-08-06 | N/A |
| OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | ||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-08-06 | N/A |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | ||||
| CVE-2014-1816 | 1 Microsoft | 1 Xml Core Services | 2024-08-06 | N/A |
| Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability." | ||||
| CVE-2014-1809 | 1 Microsoft | 1 Office | 2024-08-06 | N/A |
| The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability." | ||||
| CVE-2014-1764 | 1 Microsoft | 1 Internet Explorer | 2024-08-06 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | ||||
| CVE-2014-1807 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-08-06 | N/A |
| The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability." | ||||