Total
2801 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-2277 | 1 Perltidy Project | 1 Perltidy | 2024-08-06 | 7.1 High |
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function. | ||||
CVE-2014-2174 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2024-08-06 | N/A |
Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. | ||||
CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | ||||
CVE-2014-1949 | 3 Canonical, Gnome, Linuxmint | 3 Ubuntu, Gtk, Linux Mint | 2024-08-06 | N/A |
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | ||||
CVE-2014-1589 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-08-06 | N/A |
Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | ||||
CVE-2014-1399 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-08-06 | N/A |
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | ||||
CVE-2014-1449 | 1 Maxthon | 1 Maxthon Cloud Browser | 2024-08-06 | N/A |
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. | ||||
CVE-2014-1398 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-08-06 | N/A |
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | ||||
CVE-2014-1400 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-08-06 | N/A |
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | ||||
CVE-2014-0881 | 1 Ibm | 2 Flex System X222, Integrated Management Module Firmware | 2024-08-06 | N/A |
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. | ||||
CVE-2014-0578 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. | ||||
CVE-2014-0228 | 1 Apache | 1 Hive | 2024-08-06 | N/A |
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | ||||
CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2024-08-06 | N/A |
Remote file download in simple-image-manipulator v1.0 wordpress plugin | ||||
CVE-2015-1000009 | 1 Google-adsense-and-hotel-booking Project | 1 Google-adsense-and-hotel-booking | 2024-08-06 | N/A |
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | ||||
CVE-2015-10057 | 1 Little-apps | 1 Little Software Stats | 2024-08-06 | 4.6 Medium |
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability. | ||||
CVE-2015-9337 | 1 Cozmoslabs | 1 Profile Builder | 2024-08-06 | N/A |
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | ||||
CVE-2015-9245 | 1 Progress | 1 Openedge | 2024-08-06 | N/A |
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | ||||
CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | ||||
CVE-2015-9021 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | ||||
CVE-2015-9024 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. |