Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4014 1 Linux 1 Linux Kernel 2026-06-17 6.2 MEDIUM N/A
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
CVE-2014-4003 1 Sap 1 Netweaver 2026-06-17 7.5 HIGH N/A
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
CVE-2014-3980 1 Daiki Ueno 1 Libfep 2026-06-17 4.6 MEDIUM N/A
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.
CVE-2014-3969 1 Xen 1 Xen 2026-06-17 7.4 HIGH N/A
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
CVE-2014-3963 1 Owncloud 1 Owncloud 2026-06-17 4.0 MEDIUM N/A
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.
CVE-2014-3849 1 Imember360 1 Imember360 2026-06-17 4.3 MEDIUM N/A
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.
CVE-2014-3848 1 Imember360 1 Imember360 2026-06-17 5.0 MEDIUM N/A
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
CVE-2014-3844 2 Tinymce, Wordpress 2 Color Picker, Wordpress 2026-06-17 5.0 MEDIUM N/A
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2014-3838 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-17 4.0 MEDIUM N/A
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
CVE-2014-3837 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-17 4.0 MEDIUM N/A
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
CVE-2014-3835 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-17 5.5 MEDIUM N/A
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
CVE-2014-3834 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-17 7.5 HIGH N/A
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
CVE-2014-3816 1 Juniper 1 Junos 2026-06-17 9.0 HIGH N/A
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.
CVE-2014-3811 1 Juniper 2 Juniper Installer Service Client, Junos Pulse Client 2026-06-17 7.2 HIGH N/A
Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors.
CVE-2014-3800 1 Xbmc 1 Xbmc 2026-06-17 2.1 LOW N/A
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
CVE-2014-3790 1 Vmware 1 Vcenter Server Appliance 2026-06-17 9.0 HIGH N/A
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
CVE-2014-3772 1 Teampass 1 Teampass 2026-06-17 7.5 HIGH N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
CVE-2014-3771 1 Teampass 1 Teampass 2026-06-17 7.5 HIGH N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
CVE-2014-3752 1 Gdata-software 1 Totalprotection 2026-06-17 7.2 HIGH 6.7 MEDIUM
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
CVE-2014-3703 1 Redhat 1 Packstack 2026-06-17 5.0 MEDIUM N/A
OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions.