Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9646 1 Google 1 Chrome 2026-06-17 4.6 MEDIUM N/A
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.
CVE-2014-9643 1 K7computing 4 Anti-virus Plus, K7sentry.sys, Total Security and 1 more 2026-06-17 7.2 HIGH N/A
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.
CVE-2014-9642 1 Bullguard 4 Bdagent.sys, Internet Security, Online Backup and 1 more 2026-06-17 7.2 HIGH N/A
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.
CVE-2014-9641 1 Trendmicro 1 Tmeext.sys 2026-06-17 7.2 HIGH N/A
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.
CVE-2014-9633 1 Comodo 1 Backup 2026-06-17 7.5 HIGH N/A
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
CVE-2014-9632 1 Avg 2 Internet Security, Protection 2026-06-17 7.2 HIGH N/A
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
CVE-2014-9610 1 Netsweeper 1 Netsweeper 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
CVE-2014-9583 2 Asus, T-mobile 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more 2026-06-17 10.0 HIGH N/A
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
CVE-2014-9575 1 Vdgsecurity 1 Vdg Sense 2026-06-17 6.4 MEDIUM N/A
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.
CVE-2014-9503 1 Open Atrium Project 1 Open Atrium 2026-06-17 5.5 MEDIUM 6.5 MEDIUM
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
CVE-2014-9494 1 Pivotal Software 1 Rabbitmq 2026-06-17 5.0 MEDIUM N/A
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
CVE-2014-9493 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2026-06-17 5.5 MEDIUM N/A
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
CVE-2014-9476 1 Mediawiki 1 Mediawiki 2026-06-17 5.0 MEDIUM N/A
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."
CVE-2014-9466 1 Open-xchange 1 Open-xchange Appsuite 2026-06-17 4.0 MEDIUM N/A
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
CVE-2014-9387 1 Sap 1 Businessobjects 2026-06-17 10.0 HIGH N/A
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
CVE-2014-9357 1 Docker 1 Docker 2026-06-17 10.0 HIGH N/A
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
CVE-2014-9353 1 Netapp 1 Oncommand Balance 2026-06-17 10.0 HIGH N/A
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
CVE-2014-9324 1 Otrs 1 Otrs Help Desk 2026-06-17 6.0 MEDIUM N/A
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
CVE-2014-9304 1 Plex 1 Media Server 2026-06-17 7.5 HIGH N/A
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
CVE-2014-9262 1 Snapcreek 1 Duplicator 2026-06-17 5.5 MEDIUM 8.2 HIGH
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.