The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2014-10374 | On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to permanent trackability and considerable privacy concerns without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. | LOW | Jul 15, 2019 | n/a |
| CVE-2014-10079 | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2014-10078 | Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2014-10077 | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | MEDIUM | Nov 6, 2018 | n/a |
| CVE-2014-10076 | The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | MEDIUM | Oct 5, 2018 | n/a |
| CVE-2014-10075 | The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | HIGH | Oct 5, 2018 | n/a |
| CVE-2014-10074 | Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | HIGH | Aug 27, 2018 | n/a |
| CVE-2014-10073 | The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | MEDIUM | Apr 20, 2018 | n/a |
| CVE-2014-10072 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | HIGH | Feb 27, 2018 | n/a |
| CVE-2014-10071 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the >& fd syntax. | HIGH | Feb 27, 2018 | n/a |
| CVE-2014-10070 | zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where env_reset has been disabled. | MEDIUM | Feb 27, 2018 | n/a |
| CVE-2014-10069 | Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers\' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. | MEDIUM | Jan 7, 2018 | n/a |
| CVE-2014-10068 | The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | MEDIUM | May 29, 2018 | n/a |
| CVE-2014-10067 | paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. | MEDIUM | May 29, 2018 | n/a |
| CVE-2014-10066 | Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. | MEDIUM | May 31, 2018 | n/a |
| CVE-2014-10065 | Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url\'s to be injected into the rendered content. | MEDIUM | Jun 1, 2018 | n/a |
| CVE-2014-10064 | The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring. | MEDIUM | May 31, 2018 | n/a |
| CVE-2014-10063 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10062 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2014-10060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2014-10059 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10058 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10057 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10056 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10055 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn\'t request for security restoration for OCMEM xPU\'s. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10054 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10053 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10052 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, and SDX20, the reserved memory of TZ subsystem (like TZ apps and some PIL image subsystem) is not cleared after being used. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10051 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10050 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10049 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2014-10048 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10047 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10046 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the corresponding active timer. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10045 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10044 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10043 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side. | MEDIUM | Apr 19, 2018 | n/a |
| CVE-2014-10039 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-10000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references | -- | Nov 7, 2023 | n/a |
| CVE-2014-9999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references | -- | Nov 7, 2023 | n/a |
| CVE-2014-9998 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9997 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 625, SD 650/52, SD 808, and SD 810, lack of input validation in PRDiagMaintenanceHandler can leads to buffer over read. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9996 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9995 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9994 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9993 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 450, and SD 850, buffer overread vulnerability may occur while provisioning a content with a large message. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2014-9991 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs. | HIGH | Apr 19, 2018 | n/a |
| CVE-2014-9990 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access. | HIGH | Apr 19, 2018 | n/a |
