Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0542 | 6 Adobe, Apple, Google and 3 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. | ||||
| CVE-2014-3281 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | ||||
| CVE-2014-0858 | 1 Ibm | 1 Content Navigator | 2025-04-12 | N/A |
| IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | ||||
| CVE-2015-2871 | 1 Chiyu | 1 Bf-660c | 2025-04-12 | N/A |
| Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. | ||||
| CVE-2013-5460 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | N/A |
| IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors. | ||||
| CVE-2014-3350 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. | ||||
| CVE-2015-5995 | 2 Mediabridge, Tenda | 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 | 2025-04-12 | N/A |
| Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | ||||
| CVE-2014-3416 | 1 Jasig | 1 Uportal | 2025-04-12 | N/A |
| uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet. | ||||
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2025-04-12 | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2013-4596 | 1 Danielkorte | 1 Nodeaccesskeys | 2025-04-12 | N/A |
| The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | ||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2025-04-12 | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2014-8828 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | ||||
| CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2025-04-12 | N/A |
| The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4598 | 1 Groups Communities And Co Project | 1 Gcc | 2025-04-12 | N/A |
| The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. | ||||
| CVE-2014-8890 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. | ||||
| CVE-2014-3559 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2025-04-12 | N/A |
| The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. | ||||
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | ||||
| CVE-2014-3617 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | ||||
| CVE-2013-1841 | 1 Seamons | 1 Net-server | 2025-04-12 | N/A |
| Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. | ||||
| CVE-2014-0877 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | N/A |
| IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | ||||