Total
2800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9961 | 1 Google | 1 Android | 2024-08-06 | N/A |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | ||||
| CVE-2014-9920 | 1 Mcafee | 1 Application Control | 2024-08-06 | N/A |
| Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | ||||
| CVE-2014-9830 | 1 Imagemagick | 1 Imagemagick | 2024-08-06 | N/A |
| coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | ||||
| CVE-2014-9865 | 1 Google | 1 Android | 2024-08-06 | N/A |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | ||||
| CVE-2014-9773 | 2 Atheme, Opensuse | 3 Atheme, Leap, Opensuse | 2024-08-06 | N/A |
| modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | ||||
| CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2024-08-06 | N/A |
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | ||||
| CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2024-08-06 | N/A |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | ||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2024-08-06 | N/A |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | ||||
| CVE-2014-9798 | 1 Google | 1 Android | 2024-08-06 | N/A |
| platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | ||||
| CVE-2014-9717 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | ||||
| CVE-2014-9648 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. | ||||
| CVE-2014-9572 | 1 Mantisbt | 1 Mantisbt | 2024-08-06 | N/A |
| MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. | ||||
| CVE-2014-9504 | 1 Open Atrium Project | 1 Open Atrium | 2024-08-06 | N/A |
| The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | ||||
| CVE-2014-9513 | 1 Debian | 1 Xbindkeys-config | 2024-08-06 | N/A |
| Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2014-9489 | 1 Gollum Project | 3 Gollum, Gollum-lib, Grit Adapter | 2024-08-06 | N/A |
| The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags. | ||||
| CVE-2014-9422 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2024-08-06 | N/A |
| The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. | ||||
| CVE-2014-9388 | 1 Mantisbt | 1 Mantisbt | 2024-08-06 | N/A |
| bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. | ||||
| CVE-2014-9197 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2024-08-06 | N/A |
| The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | ||||
| CVE-2014-9117 | 1 Mantisbt | 1 Mantisbt | 2024-08-06 | N/A |
| MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0. | ||||
| CVE-2014-9148 | 1 Fiyo | 1 Fiyo Cms | 2024-08-06 | N/A |
| Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur. | ||||