Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9783 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | |||||
| CVE-2014-9782 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | |||||
| CVE-2014-9780 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | |||||
| CVE-2014-9779 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679. | |||||
| CVE-2014-9735 | 1 Themepunch | 2 Showbiz Pro, Slider Revolution | 2016-11-28 | 7.5 HIGH | N/A |
| The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors. | |||||
| CVE-2014-9785 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747. | |||||
| CVE-2014-5415 | 1 Beckhoff | 2 Embedded Pc Images, Twincat | 2016-11-28 | 9.4 HIGH | 9.1 CRITICAL |
| Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | |||||
| CVE-2014-3197 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 5.0 MEDIUM | N/A |
| The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2014-3189 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2016-11-28 | 7.5 HIGH | N/A |
| The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3196 | 1 Google | 1 Chrome | 2016-11-28 | 7.5 HIGH | N/A |
| base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. | |||||
| CVE-2014-1959 | 1 Gnu | 1 Gnutls | 2016-11-28 | 5.8 MEDIUM | N/A |
| lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. | |||||
| CVE-2014-1572 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-11-28 | 5.0 MEDIUM | N/A |
| The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. | |||||
| CVE-2013-7073 | 1 Typo3 | 1 Typo3 | 2016-11-28 | 4.0 MEDIUM | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. | |||||
| CVE-2013-6410 | 3 Canonical, Debian, Wouter Verhelst | 3 Ubuntu Linux, Debian Linux, Nbd | 2016-11-28 | 7.5 HIGH | N/A |
| nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. | |||||
| CVE-2013-1775 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2016-11-28 | 6.9 MEDIUM | N/A |
| sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. | |||||
| CVE-2016-2988 | 1 Ibm | 1 Tivoli Storage Manager For Virtual Environments | 2016-11-25 | 4.6 MEDIUM | 8.5 HIGH |
| IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins. | |||||
| CVE-2014-1501 | 4 Google, Mozilla, Oracle and 1 more | 6 Android, Firefox, Solaris and 3 more | 2016-11-17 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | |||||
| CVE-2015-0856 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2016-11-17 | 4.6 MEDIUM | N/A |
| daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | |||||
| CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2016-11-08 | 7.2 HIGH | N/A |
| The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
| CVE-2013-3463 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2016-11-07 | 4.3 MEDIUM | N/A |
| The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | |||||