Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-6185 1 Ibm 1 Tivoli Storage Manager 2026-06-17 7.2 HIGH N/A
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
CVE-2014-6181 1 Ibm 1 Websphere Service Registry And Repository 2026-06-17 4.0 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6177 1 Ibm 1 Websphere Service Registry And Repository 2026-06-17 4.0 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6160 2 Google, Ibm 3 Chrome, Webseal, Websphere Service Registry And Repository 2026-06-17 2.1 LOW N/A
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
CVE-2014-6141 1 Ibm 1 Tivoli Monitoring 2026-06-17 8.5 HIGH N/A
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.
CVE-2014-6139 1 Ibm 1 Business Process Manager 2026-06-17 4.0 MEDIUM N/A
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
CVE-2014-6129 1 Ibm 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more 2026-06-17 5.5 MEDIUM N/A
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.
CVE-2014-6122 1 Ibm 2 Security Appscan, Security Appscan Source 2026-06-17 5.5 MEDIUM N/A
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.
CVE-2014-6102 1 Ibm 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more 2026-06-17 2.1 LOW N/A
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
CVE-2014-6043 1 Zohocorp 1 Manageengine Eventlog Analyzer 2026-06-17 6.5 MEDIUM N/A
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
CVE-2014-6041 1 Google 1 Android Browser 2026-06-17 5.8 MEDIUM N/A
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.
CVE-2014-5507 1 Pro Softnet Corporation 1 Ibackup 2026-06-17 7.2 HIGH N/A
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2014-5457 1 Qnap 8 Ss-839, Ss-839 Firmware, Ts-459u and 5 more 2026-06-17 2.1 LOW N/A
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.
CVE-2014-5453 1 Ubi 1 Uplay Pc 2026-06-17 7.2 HIGH N/A
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
CVE-2014-5443 1 Seafile 1 Seafile Server 2026-06-17 4.6 MEDIUM 7.8 HIGH
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
CVE-2014-5424 1 Rockwellautomation 1 Connected Components Workbench 2026-06-17 7.5 HIGH N/A
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
CVE-2014-5415 1 Beckhoff 2 Embedded Pc Images, Twincat 2026-06-17 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
CVE-2014-5412 2 Aveva, Schneider-electric 2 Clearscada, Scada Expert Clearscada 2026-06-17 6.4 MEDIUM N/A
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
CVE-2014-5356 2 Canonical, Openstack 2 Ubuntu Linux, Image Registry And Delivery Service \(glance\) 2026-06-17 4.0 MEDIUM N/A
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
CVE-2014-5337 2 Wordpress Mobile Pack Project, Wpmobilepack 2 Wordpress Mobile Pack, Wordpress Mobile Pack 2026-06-17 5.0 MEDIUM N/A
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.