Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4431 1 Apple 1 Mac Os X 2026-06-17 2.1 LOW N/A
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
CVE-2014-4427 1 Apple 1 Mac Os X 2026-06-17 7.5 HIGH N/A
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
CVE-2014-4423 1 Apple 1 Iphone Os 2026-06-17 4.3 MEDIUM N/A
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
CVE-2014-4368 1 Apple 1 Iphone Os 2026-06-17 6.9 MEDIUM N/A
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
CVE-2014-4367 1 Apple 1 Iphone Os 2026-06-17 2.1 LOW N/A
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
CVE-2014-4354 1 Apple 1 Iphone Os 2026-06-17 5.8 MEDIUM N/A
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
CVE-2014-4338 1 Linuxfoundation 1 Cups-filters 2026-06-17 4.0 MEDIUM N/A
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
CVE-2014-4200 1 Vmware 3 Tools, Vm-support, Workstation 2026-06-17 4.7 MEDIUM N/A
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
CVE-2014-4167 2 Canonical, Openstack 2 Ubuntu Linux, Neutron 2026-06-17 3.5 LOW N/A
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
CVE-2014-4157 1 Linux 1 Linux Kernel 2026-06-17 4.6 MEDIUM N/A
arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.
CVE-2014-4154 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2026-06-17 5.0 MEDIUM N/A
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
CVE-2014-4140 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2014-4124 1 Microsoft 1 Internet Explorer 2026-06-17 6.8 MEDIUM N/A
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.
CVE-2014-4122 1 Microsoft 1 .net Framework 2026-06-17 4.3 MEDIUM N/A
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."
CVE-2014-4078 1 Microsoft 1 Internet Information Services 2026-06-17 5.1 MEDIUM N/A
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."
CVE-2014-4076 1 Microsoft 1 Windows Server 2003 2026-06-17 7.2 HIGH N/A
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
CVE-2014-4074 1 Microsoft 5 Windows 8, Windows 8.1, Windows Rt and 2 more 2026-06-17 7.2 HIGH N/A
The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability."
CVE-2014-4073 1 Microsoft 1 .net Framework 2026-06-17 10.0 HIGH N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."
CVE-2014-4062 1 Microsoft 1 .net Framework 2026-06-17 4.3 MEDIUM N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."
CVE-2014-4039 3 Ppc64-diag Project, Redhat, Suse 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server 2026-06-17 2.1 LOW N/A
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.