Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7920 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
CVE-2014-7911 1 Google 1 Android 2026-06-17 7.2 HIGH N/A
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
CVE-2014-7882 1 Hp 1 Sitescope 2026-06-17 5.5 MEDIUM N/A
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.
CVE-2014-7872 1 Comodo 1 Geekbuddy 2026-06-17 7.2 HIGH N/A
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
CVE-2014-7862 1 Zohocorp 1 Desktop Central 2026-06-17 7.5 HIGH 9.8 CRITICAL
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
CVE-2014-7851 2 Ovirt, Redhat 2 Ovirt, Ovirt-engine 2026-06-17 6.0 MEDIUM 7.5 HIGH
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
CVE-2014-7849 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 4.0 MEDIUM N/A
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
CVE-2014-7846 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.
CVE-2014-7837 1 Moodle 1 Moodle 2026-06-17 5.5 MEDIUM N/A
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
CVE-2014-7834 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
CVE-2014-7832 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
CVE-2014-7828 1 Freeipa 1 Freeipa 2026-06-17 3.5 LOW N/A
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
CVE-2014-7827 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 3.5 LOW N/A
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
CVE-2014-7822 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH N/A
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
CVE-2014-7298 1 Centrify 2 Centrify Suite, Directcontrol 2026-06-17 4.9 MEDIUM N/A
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
CVE-2014-7288 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2026-06-17 9.0 HIGH N/A
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
CVE-2014-7279 1 Kankunit 2 Konke Smart Plug, Konke Smart Plug Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVE-2014-7272 2 Fedoraproject, Sddm Project 2 Fedora, Sddm 2026-06-17 7.2 HIGH 7.8 HIGH
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
CVE-2014-7237 2 Microsoft, Twiki 2 Windows, Twiki 2026-06-17 6.8 MEDIUM N/A
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
CVE-2014-7194 1 Tibco 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more 2026-06-17 6.4 MEDIUM N/A
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.