Vulnerabilities (CVE)

Filtered by CWE-264
Total 5231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-6339 1 Microsoft 1 Internet Explorer 2024-11-21 5.0 MEDIUM N/A
Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2014-6331 1 Microsoft 3 Active Directory Federation Services, Windows 2008, Windows Server 2012 2024-11-21 5.0 MEDIUM N/A
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
CVE-2014-6289 2 Daniel Lienert, Michael Knoll 2 Yet Another Gallery, Tools For Extbase Developmen 2024-11-21 7.5 HIGH N/A
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.
CVE-2014-6288 1 Alex Kellner 1 Powermail 2024-11-21 7.5 HIGH N/A
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
CVE-2014-6284 1 Sybase 1 Adaptive Server Enterprise 2024-11-21 7.5 HIGH N/A
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
CVE-2014-6283 1 Sybase 1 Adaptive Server Enterprise 2024-11-21 6.5 MEDIUM N/A
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.
CVE-2014-6276 2 Debian, Roundup-tracker 2 Debian Linux, Roundup 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVE-2014-6257 1 Zenoss 1 Zenoss Core 2024-11-21 5.0 MEDIUM N/A
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
CVE-2014-6256 1 Zenoss 1 Zenoss Core 2024-11-21 7.5 HIGH N/A
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.
CVE-2014-6186 1 Ibm 1 Websphere Service Registry And Repository 2024-11-21 4.0 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.
CVE-2014-6185 1 Ibm 1 Tivoli Storage Manager 2024-11-21 7.2 HIGH N/A
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
CVE-2014-6181 1 Ibm 1 Websphere Service Registry And Repository 2024-11-21 4.0 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6177 1 Ibm 1 Websphere Service Registry And Repository 2024-11-21 4.0 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6160 2 Google, Ibm 3 Chrome, Webseal, Websphere Service Registry And Repository 2024-11-21 2.1 LOW N/A
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
CVE-2014-6141 1 Ibm 1 Tivoli Monitoring 2024-11-21 8.5 HIGH N/A
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.
CVE-2014-6139 1 Ibm 1 Business Process Manager 2024-11-21 4.0 MEDIUM N/A
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
CVE-2014-6129 1 Ibm 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more 2024-11-21 5.5 MEDIUM N/A
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.
CVE-2014-6122 1 Ibm 2 Security Appscan, Security Appscan Source 2024-11-21 5.5 MEDIUM N/A
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.
CVE-2014-6102 1 Ibm 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more 2024-11-21 2.1 LOW N/A
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
CVE-2014-6043 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-11-21 6.5 MEDIUM N/A
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.