LiveActive security incident?Get immediate response
CVE archive

July 2014

Browse CVE records published in July 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 698 matching CVEs · Page 3 of 14.

Unknown · CVSS Not scored

CVE-2014-9782: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android b...

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9796: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices d...

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9777: The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm component...

The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9783: drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016...

drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-8450: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic...

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092.

Published Jul 15, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-7913: The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Andr...

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.

Published Jul 30, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-7953: Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local us...

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.

Published Jul 7, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-7912: The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and o...

The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.

Published Jul 30, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-7954: Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp i...

Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.

Published Jul 7, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-5117: Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is...

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

Published Jul 30, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-5100: Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to...

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.

Published Jul 25, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4954: Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.l...

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.

Published Jul 20, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4986: Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1,...

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

Published Jul 20, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4964: Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attac...

Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modify a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.

Published Jul 15, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4977: Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated user...

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

Published Jul 16, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4955: Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.li...

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

Published Jul 20, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4965: Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.

Published Jul 15, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4971: Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local us...

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Published Jul 26, 2014 · Updated Aug 6, 2024