Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8868 1 Entrypass 1 N5200 Active Network Control Panel 2026-06-17 7.8 HIGH N/A
EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.
CVE-2014-8838 1 Apple 1 Mac Os X 2026-06-17 4.3 MEDIUM N/A
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.
CVE-2014-8831 1 Apple 1 Mac Os X 2026-06-17 5.0 MEDIUM N/A
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.
CVE-2014-8828 1 Apple 1 Mac Os X 2026-06-17 7.5 HIGH N/A
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
CVE-2014-8823 1 Apple 1 Mac Os X 2026-06-17 4.7 MEDIUM N/A
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.
CVE-2014-8802 1 Genetechsolutions 1 Pie Register 2026-06-17 5.0 MEDIUM N/A
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
CVE-2014-8734 1 Drupal 1 Organic Groups Menu 2026-06-17 3.5 LOW N/A
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.
CVE-2014-8708 1 Pluck-cms 1 Pluck 2026-06-17 7.5 HIGH 9.8 CRITICAL
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
CVE-2014-8655 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2026-06-17 5.0 MEDIUM N/A
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
CVE-2014-8651 1 Kde 2 Kde-workspace, Plasma-desktop 2026-06-17 7.2 HIGH N/A
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
CVE-2014-8643 3 Microsoft, Mozilla, Opensuse 3 Windows, Firefox, Opensuse 2026-06-17 7.1 HIGH N/A
Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.
CVE-2014-8612 1 Freebsd 1 Freebsd 2026-06-17 4.6 MEDIUM N/A
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
CVE-2014-8610 1 Google 1 Android 2026-06-17 3.3 LOW N/A
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
CVE-2014-8609 1 Google 1 Android 2026-06-17 7.2 HIGH N/A
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
CVE-2014-8605 1 Xcloner 1 Xcloner 2026-06-17 5.0 MEDIUM N/A
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.
CVE-2014-8580 1 Citrix 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware 2026-06-17 4.9 MEDIUM N/A
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
CVE-2014-8571 1 Huawei 6 Ascend P6 Edge-c00, Ascend P6 Edge-c00 Firmware, Ascend P6 Edge-t00 and 3 more 2026-06-17 4.3 MEDIUM 3.3 LOW
Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.
CVE-2014-8558 1 Jexperts 1 Channel Platform 2026-06-17 6.5 MEDIUM N/A
JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
CVE-2014-8540 1 Gitlab 1 Gitlab 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVE-2014-8494 1 Estsoft 1 Alupdate 2026-06-17 4.6 MEDIUM N/A
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.