Total: 2800 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8912 | 1 Ibm | 1 Websphere Portal | 2024-08-06 | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | ||||
CVE-2014-8827 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. | ||||
CVE-2014-8833 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. | ||||
CVE-2014-8757 | 1 Lg | 1 On-screen Phone | 2024-08-06 | N/A |
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | ||||
CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2024-08-06 | N/A |
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | ||||
CVE-2014-8680 | 1 Isc | 1 Bind | 2024-08-06 | N/A |
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | ||||
CVE-2014-8632 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-08-06 | N/A |
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. | ||||
CVE-2014-8631 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-08-06 | N/A |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. | ||||
CVE-2014-8362 | 1 Vivint | 2 Sky Control Panel, Sky Control Panel Firmware | 2024-08-06 | N/A |
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | ||||
CVE-2014-8168 | 1 Redhat | 1 Satellite | 2024-08-06 | 7.8 High |
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | ||||
CVE-2014-8177 | 1 Redhat | 5 Enterprise Linux, Gluster Storage Management Console, Gluster Storage Server and 2 more | 2024-08-06 | N/A |
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. | ||||
CVE-2014-8183 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-06 | 7.4 High |
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||||
CVE-2014-7905 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | ||||
CVE-2014-7853 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2024-08-06 | N/A |
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | ||||
CVE-2014-7810 | 4 Apache, Debian, Hp and 1 more | 5 Tomcat, Debian Linux, Hp-ux and 2 more | 2024-08-06 | N/A |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. | ||||
CVE-2014-7193 | 1 Sideway | 1 Hapi Crumb | 2024-08-06 | N/A |
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer. | ||||
CVE-2014-6625 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
CVE-2014-6626 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | ||||
CVE-2014-6627 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | ||||
CVE-2014-6319 | 1 Microsoft | 1 Exchange Server | 2024-08-06 | N/A |
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." | ||||