Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0972 1 Codeaurora 1 Android-msm 2026-06-17 7.2 HIGH N/A
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
CVE-2014-0960 1 Ibm 1 Pureapplication System 2026-06-17 6.6 MEDIUM N/A
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.
CVE-2014-0936 1 Ibm 1 Security Appscan Source 2026-06-17 4.3 MEDIUM N/A
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-0908 1 Ibm 1 Business Process Manager 2026-06-17 6.0 MEDIUM N/A
The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.
CVE-2014-0906 1 Ibm 1 Sametime 2026-06-17 4.3 MEDIUM N/A
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.
CVE-2014-0905 1 Ibm 1 Infosphere Biginsights 2026-06-17 2.9 LOW N/A
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2014-0899 1 Ibm 1 Aix 2026-06-17 6.5 MEDIUM N/A
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
CVE-2014-0888 1 Ibm 2 Mobile Foundation, Worklight 2026-06-17 4.9 MEDIUM N/A
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.
CVE-2014-0877 1 Ibm 1 Cognos Tm1 2026-06-17 5.0 MEDIUM N/A
IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link.
CVE-2014-0875 1 Ibm 2 Storwize Unified V7000, Storwize Unified V7000 Software 2026-06-17 3.5 LOW N/A
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
CVE-2014-0858 1 Ibm 1 Content Navigator 2026-06-17 3.5 LOW N/A
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
CVE-2014-0854 1 Ibm 1 Cognos Business Intelligence 2026-06-17 5.0 MEDIUM N/A
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0849 1 Ibm 2 Maximo Asset Management, Smartcloud Control Desk 2026-06-17 6.0 MEDIUM N/A
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
CVE-2014-0839 1 Ibm 1 Rational Focal Point 2026-06-17 4.0 MEDIUM N/A
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.
CVE-2014-0833 1 Ibm 1 Financial Transaction Manager 2026-06-17 5.5 MEDIUM N/A
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.
CVE-2014-0817 1 Cybozu 1 Garoon 2026-06-17 4.9 MEDIUM N/A
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
CVE-2014-0816 1 Norman 1 Security Suite 2026-06-17 7.2 HIGH N/A
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.
CVE-2014-0752 1 Ecava 1 Integraxor 2026-06-17 7.5 HIGH N/A
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
CVE-2014-0731 1 Cisco 1 Unified Communications Manager 2026-06-17 5.0 MEDIUM N/A
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
CVE-2014-0721 1 Cisco 1 Unified Sip Phone 3905 2026-06-17 10.0 HIGH N/A
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.