Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3684 1 Adaptivecomputing 1 Torque Resource Manager 2026-06-17 6.8 MEDIUM N/A
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.
CVE-2014-3674 1 Redhat 1 Openshift 2026-06-17 7.5 HIGH N/A
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2014-3665 1 Jenkins 1 Jenkins 2026-06-17 6.8 MEDIUM N/A
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CVE-2014-3663 2 Jenkins, Redhat 2 Jenkins, Openshift 2026-06-17 6.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVE-2014-3642 1 Redhat 6 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 3 more 2026-06-17 6.5 MEDIUM N/A
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
CVE-2014-3632 1 Openstack 1 Neutron 2026-06-17 7.6 HIGH N/A
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
CVE-2014-3617 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
CVE-2014-3602 1 Redhat 1 Openshift 2026-06-17 2.1 LOW N/A
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
CVE-2014-3586 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 2.1 LOW N/A
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2014-3576 2 Apache, Oracle 3 Activemq, Business Intelligence Publisher, Fusion Middleware 2026-06-17 5.0 MEDIUM 7.5 HIGH
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
CVE-2014-3559 1 Redhat 1 Enterprise Virtualization 2026-06-17 3.5 LOW N/A
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
CVE-2014-3558 1 Redhat 1 Hibernate Validator 2026-06-17 5.0 MEDIUM N/A
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
CVE-2014-3555 1 Openstack 1 Neutron 2026-06-17 4.0 MEDIUM N/A
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
CVE-2014-3553 1 Moodle 1 Moodle 2026-06-17 4.9 MEDIUM N/A
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
CVE-2014-3546 1 Moodle 1 Moodle 2026-06-17 5.0 MEDIUM N/A
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.
CVE-2014-3521 1 Redhat 1 Conga 2026-06-17 5.5 MEDIUM N/A
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2014-3514 1 Rubyonrails 1 Rails 2026-06-17 7.5 HIGH N/A
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
CVE-2014-3499 2 Docker, Fedoraproject 2 Docker, Fedora 2026-06-17 7.2 HIGH N/A
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
CVE-2014-3472 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 4.9 MEDIUM N/A
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
CVE-2014-3464 1 Redhat 1 Jboss Enterprise Application Platform 2026-06-17 5.5 MEDIUM N/A
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133.