CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2014-1378 264 Bypass 2014-07-01 2015-12-22
2.1
None Local Low Not required Partial None None
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
252 CVE-2014-1375 264 Bypass 2014-07-01 2015-12-22
2.1
None Local Low Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
253 CVE-2014-1372 264 Bypass +Info 2014-07-01 2015-11-20
4.9
None Local Low Not required Complete None None
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.
254 CVE-2014-1360 20 Bypass 2014-07-01 2017-01-06
2.1
None Local Low Not required None Partial None
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
255 CVE-2014-1353 264 Bypass 2014-07-01 2017-01-06
3.6
None Local Low Not required Partial Partial None
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.
256 CVE-2014-1351 264 Bypass 2014-07-01 2017-01-06
3.6
None Local Low Not required Partial Partial None
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
257 CVE-2014-1350 264 Bypass 2014-07-01 2017-01-06
4.6
None Local Low Not required Partial Partial Partial
Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
258 CVE-2014-1346 20 Bypass 2014-05-22 2015-12-08
5.0
None Remote Low Not required None Partial None
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
259 CVE-2014-1322 200 Bypass +Info 2014-04-23 2014-04-24
4.9
None Local Low Not required Complete None None
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
260 CVE-2014-1321 264 Bypass 2014-04-23 2014-04-24
3.3
None Local Medium Not required Partial Partial None
Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.
261 CVE-2014-1320 200 Bypass +Info 2014-04-23 2014-04-24
4.9
None Local Low Not required Complete None None
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
262 CVE-2014-1314 264 Exec Code Bypass 2014-04-23 2014-04-24
10.0
None Remote Low Not required Complete Complete Complete
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.
263 CVE-2014-1303 119 Exec Code Overflow Bypass 2014-03-26 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
264 CVE-2014-1297 20 Bypass 2014-04-02 2014-04-02
5.0
None Remote Low Not required Partial None None
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
265 CVE-2014-1296 264 Bypass 2014-04-23 2014-04-23
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
266 CVE-2014-1285 264 Bypass 2014-03-14 2014-03-14
5.8
None Remote Medium Not required Partial Partial None
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
267 CVE-2014-1282 264 Bypass 2014-03-14 2014-03-14
5.8
None Remote Medium Not required Partial Partial None
The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.
268 CVE-2014-1273 20 Bypass 2014-03-14 2014-03-14
5.8
None Remote Medium Not required Partial Partial None
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
269 CVE-2014-1267 20 Bypass 2014-03-14 2014-03-14
5.8
None Remote Medium Not required Partial Partial None
The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.
270 CVE-2014-1265 264 Bypass 2014-02-26 2014-02-27
4.6
None Local Low Not required Partial Partial Partial
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
271 CVE-2014-1264 264 Bypass 2014-02-26 2014-03-10
3.3
None Local Medium Not required Partial Partial None
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
272 CVE-2014-1262 119 Overflow Mem. Corr. Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.
273 CVE-2014-1257 264 Bypass 2014-02-26 2014-02-27
3.6
None Local Low Not required Partial Partial None
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
274 CVE-2014-1256 119 Overflow Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
275 CVE-2014-1255 20 Bypass 2014-02-26 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
276 CVE-2014-1213 264 DoS Bypass 2014-02-10 2018-10-09
5.6
None Local Low Not required None Partial Complete
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.
277 CVE-2014-0973 287 Bypass 2014-08-24 2016-07-13
7.2
None Local Low Not required Complete Complete Complete
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
278 CVE-2014-0960 264 Bypass 2014-06-14 2017-08-28
6.6
None Local Medium Single system Complete Complete Complete
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.
279 CVE-2014-0954 20 DoS Bypass +Info 2014-05-22 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
280 CVE-2014-0924 20 Bypass 2014-04-15 2017-08-28
4.6
None Remote High Single system Partial Partial Partial
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.
281 CVE-2014-0899 264 Bypass 2014-03-11 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
282 CVE-2014-0888 264 Bypass 2014-08-29 2017-08-28
4.9
None Remote Medium Single system None Partial Partial
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.
283 CVE-2014-0886 78 Exec Code Bypass 2014-03-25 2017-08-28
7.1
None Remote High Single system Complete Complete Complete
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
284 CVE-2014-0877 264 Bypass 2014-09-05 2017-08-28
5.0
None Remote Low Not required None Partial None
IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link.
285 CVE-2014-0875 264 Bypass 2014-07-07 2017-01-06
3.5
None Remote Medium Single system Partial None None
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
286 CVE-2014-0868 20 Bypass 2014-07-07 2018-10-09
4.9
None Remote Medium Single system None Partial Partial
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.
287 CVE-2014-0865 20 Bypass 2014-07-07 2018-10-09
4.9
None Remote Medium Single system None Partial Partial
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.
288 CVE-2014-0858 264 Bypass 2014-02-27 2017-08-28
3.5
None Remote Medium Single system None Partial None
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
289 CVE-2014-0833 264 Bypass 2014-02-01 2018-01-02
5.5
None Remote Low Single system Partial Partial None
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.
290 CVE-2014-0743 287 Bypass 2014-02-26 2015-07-29
5.0
None Remote Low Not required None Partial None
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
291 CVE-2014-0739 287 Bypass 2014-02-22 2016-09-09
4.3
None Remote Medium Not required None Partial None
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.
292 CVE-2014-0738 287 Bypass 2014-02-22 2016-09-09
4.3
None Remote Medium Not required None Partial None
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
293 CVE-2014-0737 287 Bypass 2014-02-22 2014-03-05
4.3
None Remote Medium Not required None Partial None
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.
294 CVE-2014-0731 264 Bypass 2014-02-22 2016-09-09
5.0
None Remote Low Not required Partial None None
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
295 CVE-2014-0724 20 Bypass 2014-02-13 2014-02-13
4.0
None Remote Low Single system Partial None None
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
296 CVE-2014-0703 362 Bypass 2014-03-06 2014-03-07
10.0
None Remote Low Not required Complete Complete Complete
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
297 CVE-2014-0685 264 Bypass 2014-05-07 2014-05-07
5.0
None Remote Low Not required Partial None None
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.
298 CVE-2014-0682 264 Bypass 2014-01-29 2018-01-02
4.9
None Remote Medium Single system Partial None Partial
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.
299 CVE-2014-0676 264 Bypass 2014-01-22 2017-08-28
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
300 CVE-2014-0669 264 Bypass 2014-01-22 2017-08-28
5.0
None Remote Low Not required None Partial None
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.
Total number of vulnerabilities : 457   Page : 1 2 3 4 5 6 (This Page)7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.