Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-12 | CVE-2014-4628 | Cross-Site Scripting vulnerability in EMC Isilon Insightiq: Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-12-12 | CVE-2014-2516 | URI Redirection vulnerability in EMC RSA Authentication Manager 8.0/8.1: Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2014-12-12 | CVE-2014-6210 | Improper Input Validation vulnerability in IBM DB2 and DB2 Connect: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | 4.0 |
2014-12-12 | CVE-2014-6209 | Improper Input Validation vulnerability in IBM DB2: IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. | 4.0 |
2014-12-12 | CVE-2014-9374 | Denial of Service vulnerability in Multiple Asterisk Products WebSocket Server: Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. | 5.0 |
2014-12-12 | CVE-2014-8956 | Buffer Errors vulnerability in K7Computing K7Av Sentry Device Driver 12.8.0.118: Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors. | 7.2 |
2014-12-12 | CVE-2014-8608 | NULL Pointer Dereference Denial of Service vulnerability in K7Computing K7Av Sentry Device Driver 12.8.0.118: The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$". | 4.9 |
2014-12-12 | CVE-2014-8515 | Command Injection vulnerability in Bittorrent: The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | 6.8 |
2014-12-12 | CVE-2014-8489 | Remote Security vulnerability in Pingidentity Pingfederate 6.10.1: Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. | 6.4 |
2014-12-12 | CVE-2014-7136 | Buffer Errors vulnerability in K7Computing K7Firewall Packet Driver 14.0.1.15: Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. | 7.2 |