Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2209 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
CVE-2014-2227 1 Ui 1 Unifi Video 2025-04-12 N/A
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
CVE-2014-2237 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-12 N/A
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
CVE-2014-2265 2 Rocklobster, Wordpress 2 Contact Form 7, Wordpress 2025-04-12 N/A
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
CVE-2014-2268 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
CVE-2014-2273 1 Huawei 2 P2-6011, P2-6011 Firmware 2025-04-12 N/A
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.
CVE-2014-2276 1 Emc 1 Connectrix Manager 2025-04-12 N/A
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
CVE-2014-3202 1 Ayatana Project 1 Unity 2025-04-12 N/A
Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.
CVE-2014-3203 2 Ayatana Project, Canonical 2 Unity, Ubuntu Linux 2025-04-12 N/A
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.
CVE-2014-3204 2 Ayatana Project, Canonical 2 Unity, Ubuntu Linux 2025-04-12 N/A
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
CVE-2014-3209 1 Nlnetlabs 1 Ldns 2025-04-12 N/A
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
CVE-2014-3215 2 Redhat, Selinuxproject 2 Enterprise Linux, Policycoreutils 2025-04-12 N/A
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
CVE-2014-3278 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.
CVE-2014-3279 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
CVE-2014-3280 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.
CVE-2014-3281 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.
CVE-2014-3282 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.
CVE-2014-3286 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.
CVE-2014-3290 1 Cisco 1 Ios Xe 2025-04-12 N/A
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.
CVE-2014-3294 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.