Search Results (5484 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1814 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability."
CVE-2014-1816 1 Microsoft 1 Xml Core Services 2025-04-12 N/A
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability."
CVE-2014-1819 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability."
CVE-2014-1881 2 Adobe, Apache 2 Phonegap, Cordova 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
CVE-2014-1882 2 Adobe, Apache 2 Phonegap, Cordova 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
CVE-2014-1883 1 Adobe 1 Phonegap 2025-04-12 N/A
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1884 3 Adobe, Apache, Microsoft 3 Phonegap, Cordova, Windows Phone 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1885 2 Adobe, Hsgroup 2 Phonegap, Forzearmate 2025-04-12 N/A
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.
CVE-2014-1886 2 Adobe, Edinburghtour 2 Phonegap, Edinburgh By Bus 2025-04-12 N/A
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
CVE-2014-1887 2 Adobe, Drinkedin 2 Phonegap, Drinkedin Barfinder 2025-04-12 N/A
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
CVE-2014-1933 2 Python, Pythonware 2 Pillow, Python Imaging Library 2025-04-12 N/A
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
CVE-2014-1957 1 Fortinet 1 Fortiweb 2025-04-12 N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-1959 1 Gnu 1 Gnutls 2025-04-12 N/A
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
CVE-2014-1977 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2025-04-12 N/A
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1978 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2025-04-12 N/A
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1986 1 Kokuyo 1 Camiapp 2025-04-12 N/A
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.
CVE-2014-1989 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVE-2014-1993 1 Cybozu 1 Garoon 2025-04-12 N/A
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2014-1996 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
CVE-2014-2033 1 Bluecoat 1 Proxysgos 2025-04-12 N/A
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.