Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 104130 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2014-9949 In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. High Jun 8, 2017 n/a
CVE-2014-9948 In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. High Jun 8, 2017 n/a
CVE-2014-9947 In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. Medium Jun 8, 2017 n/a
CVE-2014-9946 In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9945 In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. High Jun 8, 2017 n/a
CVE-2014-9944 In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9943 In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9942 In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9941 In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9940 The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. High May 12, 2017 n/a
CVE-2014-9939 ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. High Mar 22, 2017 n/a
CVE-2014-9938 contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Medium Mar 21, 2017 n/a
CVE-2014-9937 In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. High May 23, 2017 n/a
CVE-2014-9936 In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. High May 23, 2017 n/a
CVE-2014-9935 In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. High May 23, 2017 n/a
CVE-2014-9934 A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. High May 23, 2017 n/a
CVE-2014-9933 Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. High May 23, 2017 n/a
CVE-2014-9932 In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. High May 23, 2017 n/a
CVE-2014-9931 A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. High May 23, 2017 n/a
CVE-2014-9930 In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9929 In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9928 In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9927 In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9926 In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9925 In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9924 In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. High Jun 9, 2017 n/a
CVE-2014-9923 In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. High Jun 9, 2017 n/a
CVE-2014-9922 The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. LOW Apr 10, 2017 n/a
CVE-2014-9921 Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. High Mar 23, 2017 n/a
CVE-2014-9920 Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. -- Mar 14, 2017 n/a
CVE-2014-9919 An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php. MEDIUM May 15, 2019 n/a
CVE-2014-9918 An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php. MEDIUM May 15, 2019 n/a
CVE-2014-9917 An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter. MEDIUM May 15, 2019 n/a
CVE-2014-9916 Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. -- Feb 23, 2017 n/a
CVE-2014-9915 Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. Medium Mar 24, 2017 n/a
CVE-2014-9914 Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. HIGH Feb 7, 2017 n/a
CVE-2014-9913 Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Low Jan 20, 2017 n/a
CVE-2014-9912 The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. High Jan 6, 2017 n/a
CVE-2014-9911 Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. High Jan 6, 2017 n/a
CVE-2014-9910 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. High Jan 19, 2017 n/a
CVE-2014-9909 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. High Jan 19, 2017 n/a
CVE-2014-9908 A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). LOW Jan 13, 2020 n/a
CVE-2014-9907 coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. Medium Apr 21, 2017 n/a
CVE-2014-9905 Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. MEDIUM Nov 7, 2019 n/a
CVE-2014-9895 drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. Medium Aug 11, 2016 n/a
CVE-2014-9870 The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. High Aug 9, 2016 n/a
CVE-2014-9854 coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the identification of image. Medium Mar 21, 2017 n/a
CVE-2014-9853 Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Medium Mar 21, 2017 n/a
CVE-2014-9852 distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. High Mar 21, 2017 n/a
CVE-2014-9851 ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Medium Mar 22, 2017 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online