Total
5484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8989 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. | ||||
| CVE-2014-3197 | 2 Google, Redhat | 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more | 2025-04-12 | N/A |
| The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. | ||||
| CVE-2014-3160 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | N/A |
| The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | ||||
| CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2025-04-12 | N/A |
| SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | ||||
| CVE-2014-3189 | 2 Google, Redhat | 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more | 2025-04-12 | N/A |
| The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2014-3202 | 1 Ayatana Project | 1 Unity | 2025-04-12 | N/A |
| Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | ||||
| CVE-2014-3074 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | N/A |
| The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | ||||
| CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2025-04-12 | N/A |
| The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | ||||
| CVE-2014-3130 | 1 Sap | 1 Netweaver Abap Application Server | 2025-04-12 | N/A |
| The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | ||||
| CVE-2014-4167 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | ||||
| CVE-2014-4157 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. | ||||
| CVE-2013-7065 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-12 | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | ||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2025-04-12 | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||
| CVE-2014-3203 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2025-04-12 | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | ||||
| CVE-2014-3309 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | ||||
| CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | ||||
| CVE-2014-2905 | 1 Fishshell | 1 Fish | 2025-04-12 | N/A |
| fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. | ||||
| CVE-2014-3006 | 1 Sitepark | 1 Information Enterprise Server | 2025-04-12 | N/A |
| Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | ||||
| CVE-2014-4124 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123. | ||||
| CVE-2014-8890 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. | ||||