Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-05-26 CVE-2014-2201 Unspecified vulnerability in Cisco products
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.
network
low complexity
cisco
7.8
2014-05-26 CVE-2014-2200 Permissions, Privileges, and Access Controls vulnerability in Cisco NX-OS
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
network
high complexity
cisco CWE-264
7.1
2014-05-26 CVE-2014-2196 Code Injection vulnerability in Cisco Wide Area Application Services 5.1.1
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
network
cisco CWE-94
critical
9.3
2014-05-26 CVE-2013-1191 Permissions, Privileges, and Access Controls vulnerability in Cisco products
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
network
high complexity
cisco CWE-264
7.1
2014-05-25 CVE-2014-3284 Improper Input Validation vulnerability in Cisco products
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
low complexity
cisco CWE-20
6.1
2014-05-25 CVE-2014-0943 Improper Input Validation vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request.
network
ibm CWE-20
7.1
2014-05-25 CVE-2014-0639 Cross-Site Scripting vulnerability in EMC RSA Archer eGRC
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2014-05-23 CVE-2014-3849 Permissions, Privileges, and Access Controls vulnerability in iMember360
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.
4.3
2014-05-23 CVE-2014-3848 Permissions, Privileges, and Access Controls vulnerability in iMember360
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
network
low complexity
imember360 CWE-264
5.0
2014-05-23 CVE-2014-3801 Information Exposure vulnerability in OpenStack Heat
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
network
openstack CWE-200
3.5