Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-16 | CVE-2014-3452 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Codecguide K-Lite Codec Pack: Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file. | 4.3 |
2014-05-16 | CVE-2014-1613 | Code Injection vulnerability in Dotclear: Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php. | 7.5 |
2014-05-16 | CVE-2014-1418 | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. | 6.4 |
2014-05-16 | CVE-2013-7379 | Improper Authentication vulnerability in Ucdok Tomato 0.0.5: The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key. | 6.8 |
2014-05-16 | CVE-2014-3759 | SQL Injection vulnerability in Karlen Walter SI Bibtex 0.2.3: Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | 7.5 |
2014-05-16 | CVE-2014-3758 | Cross-Site Scripting vulnerability in Karlen Walter SI Bibtex 0.2.3: Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality. | 4.3 |
2014-05-16 | CVE-2014-0749 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adaptivecomputing Torque Resource Manager: Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value. | 10.0 |
2014-05-16 | CVE-2014-3750 | Cryptographic Issues vulnerability in Bilyoner 2.1.1/4.6: The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2014-05-16 | CVE-2014-3263 | Improper Input Validation vulnerability in Cisco IOS 15.3(3)M/15.3M: The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. | 5.4 |
2014-05-16 | CVE-2014-3262 | Improper Input Validation vulnerability in Cisco IOS XE: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | 4.3 |