Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3222 | 1 Huawei | 1 Espace Meeting | 2024-11-21 | N/A |
| In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | ||||
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2024-11-21 | N/A |
| Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | ||||
| CVE-2014-2079 | 2 Debian, X File Explorer Project | 2 Debian Linux, X File Explorer | 2024-11-21 | N/A |
| X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. | ||||
| CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | N/A |
| Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | ||||
| CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-11-21 | N/A |
| OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | ||||
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-11-21 | N/A |
| The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | ||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | ||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | ||||
| CVE-2014-1226 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | N/A |
| The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. | ||||
| CVE-2014-10070 | 1 Zsh Project | 1 Zsh | 2024-11-21 | N/A |
| zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. | ||||
| CVE-2014-10058 | 1 Qualcomm | 30 Sd 205, Sd 205 Firmware, Sd 210 and 27 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time. | ||||
| CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | ||||
| CVE-2014-10054 | 1 Qualcomm | 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation. | ||||
| CVE-2014-0229 | 2 Apache, Cloudera | 2 Hadoop, Cdh | 2024-11-21 | N/A |
| Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | ||||
| CVE-2014-0087 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | ||||
| CVE-2014-0073 | 1 Apache | 2 Cordova, Cordova In-app-browser | 2024-11-21 | N/A |
| The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. | ||||
| CVE-2013-7432 | 1 Mapsplugin | 1 Googlemaps | 2024-11-21 | N/A |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | ||||
| CVE-2013-7202 | 1 Paypal | 1 Paypal | 2024-11-21 | N/A |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | ||||
| CVE-2013-6876 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | N/A |
| The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed. | ||||
| CVE-2013-6446 | 1 Cloudera | 1 Cdh | 2024-11-21 | N/A |
| The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. | ||||