Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1989 1 Cybozu 1 Garoon 2026-06-17 6.0 MEDIUM N/A
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVE-2014-1986 1 Kokuyo 1 Camiapp 2026-06-17 5.8 MEDIUM N/A
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.
CVE-2014-1978 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2026-06-17 4.3 MEDIUM N/A
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1977 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2026-06-17 4.3 MEDIUM N/A
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1960 1 Sap 2 Netweaver, Netweaver Solution Manager 2026-06-17 5.0 MEDIUM N/A
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-1959 1 Gnu 1 Gnutls 2026-06-17 5.8 MEDIUM N/A
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
CVE-2014-1957 1 Fortinet 1 Fortiweb 2026-06-17 6.5 MEDIUM N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-1946 1 Opendocman 1 Opendocman 2026-06-17 6.5 MEDIUM 8.8 HIGH
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
CVE-2014-1933 2 Python, Pythonware 2 Pillow, Python Imaging Library 2026-06-17 2.1 LOW N/A
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
CVE-2014-1903 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-06-17 7.5 HIGH N/A
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
CVE-2014-1889 1 Buddypress 1 Buddypress 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
CVE-2014-1887 2 Adobe, Drinkedin 2 Phonegap, Drinkedin Barfinder 2026-06-17 4.3 MEDIUM N/A
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
CVE-2014-1886 2 Adobe, Edinburghtour 2 Phonegap, Edinburgh By Bus 2026-06-17 6.8 MEDIUM N/A
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
CVE-2014-1885 2 Adobe, Hsgroup 2 Phonegap, Forzearmate 2026-06-17 6.4 MEDIUM N/A
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.
CVE-2014-1884 3 Adobe, Apache, Microsoft 3 Phonegap, Cordova, Windows Phone 2026-06-17 7.5 HIGH N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1883 1 Adobe 1 Phonegap 2026-06-17 7.5 HIGH N/A
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1882 2 Adobe, Apache 2 Phonegap, Cordova 2026-06-17 7.5 HIGH N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
CVE-2014-1881 2 Adobe, Apache 2 Phonegap, Cordova 2026-06-17 7.5 HIGH N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
CVE-2014-1846 1 Enlightenment 1 Enlightenment 2026-06-17 4.6 MEDIUM 7.8 HIGH
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
CVE-2014-1845 1 Enlightenment 1 Enlightenment 2026-06-17 4.6 MEDIUM 7.8 HIGH
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.