CVE-2014-2019

MEDIUM Year: 2014
CVSS v3 Score
4.6
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

Related Vulnerabilities

CVE-2016-4381

MEDIUM
CVSS:4.5(Medium)

HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended acc...

CWE-2642016

CVE-2016-5991

MEDIUM
CVSS:4.5(Medium)

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CWE-2642016

CVE-2017-18450

MEDIUM
CVSS:4.5(Medium)

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).

CWE-2642017

CVE-2015-0296

MEDIUM
CVSS:4.7(Medium)

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file ...

CWE-2642015

CVE-2016-3258

MEDIUM
CVSS:4.7(Medium)

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism...

CWE-2642016

CVE-2016-5253

MEDIUM
CVSS:4.7(Medium)

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

CWE-2642016