Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8493 1 Zte 2 Zxhn H108l, Zxhn H108l Firmware 2026-06-17 5.0 MEDIUM N/A
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
CVE-2014-8453 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2026-06-17 5.0 MEDIUM N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2014-8442 4 Adobe, Apple, Linux and 1 more 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more 2026-06-17 7.5 HIGH N/A
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.
CVE-2014-8428 1 Barracuda 1 Load Balancer 2026-06-17 7.5 HIGH 9.8 CRITICAL
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVE-2014-8421 2 Atos, Unify 8 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 55g and 5 more 2026-06-17 8.5 HIGH 7.5 HIGH
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
CVE-2014-8419 1 Wibu 1 Codemeter Runtime 2026-06-17 7.2 HIGH N/A
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2014-8418 1 Digium 2 Asterisk, Certified Asterisk 2026-06-17 9.0 HIGH N/A
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
CVE-2014-8417 1 Digium 2 Asterisk, Certified Asterisk 2026-06-17 6.5 MEDIUM N/A
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
CVE-2014-8413 1 Digium 1 Asterisk 2026-06-17 7.5 HIGH N/A
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
CVE-2014-8412 1 Digium 2 Asterisk, Certified Asterisk 2026-06-17 5.0 MEDIUM N/A
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
CVE-2014-8373 1 Vmware 1 Vcloud Automation Center 2026-06-17 9.0 HIGH N/A
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
CVE-2014-8370 1 Vmware 4 Esxi, Fusion, Player and 1 more 2026-06-17 6.4 MEDIUM N/A
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.
CVE-2014-8368 1 Arubanetworks 1 Airwave 2026-06-17 9.0 HIGH N/A
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
CVE-2014-8359 1 Huawei 4 Ec156, Ec176, Ec177 and 1 more 2026-06-17 7.2 HIGH N/A
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
CVE-2014-8270 1 Bmc 1 Track-it\! 2026-06-17 5.0 MEDIUM N/A
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
CVE-2014-8268 1 Qpr 1 Portal 2026-06-17 6.4 MEDIUM N/A
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
CVE-2014-8175 1 Redhat 1 Jboss Fuse 2026-06-17 6.0 MEDIUM N/A
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2014-8169 3 Automount Project, Opensuse, Redhat 6 Automount, Opensuse, Enterprise Linux Desktop and 3 more 2026-06-17 4.4 MEDIUM N/A
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVE-2014-8159 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2026-06-17 6.9 MEDIUM N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2014-8156 5 Debian, Fso-frameworkd Project, Fso-gsmd Project and 2 more 5 Debian Linux, Fso-frameworkd, Fso-gsmd and 2 more 2026-06-17 7.2 HIGH 7.8 HIGH
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.