Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-15 | CVE-2014-0210 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. | 7.5 |
| 2014-05-15 | CVE-2014-0209 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. | 4.6 |
| 2014-05-15 | CVE-2013-4730 | Buffer Errors vulnerability in Pcman'S FTP Server Project Pcman'S FTP Server 2.0.7 Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. | 10.0 |
| 2014-05-15 | CVE-2013-1810 | Cross-Site Scripting vulnerability in Mantisbt 1.2.12 Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function. | 2.1 |
| 2014-05-15 | CVE-2013-0197 | Cross-Site Scripting vulnerability in Mantisbt 1.2.12/1.2.13 Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php. | 4.3 |
| 2014-05-14 | CVE-2014-3443 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Jetaudio JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | 4.3 |
| 2014-05-14 | CVE-2014-3441 | Buffer Errors vulnerability in Videolan VLC Media Player 2.1.3 codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. | 4.3 |
| 2014-05-14 | CVE-2014-3430 | Improper Authentication vulnerability in Dovecot Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. | 5.0 |
| 2014-05-14 | CVE-2014-3146 | Unspecified vulnerability in Lxml Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. network lxml | 4.3 |
| 2014-05-14 | CVE-2014-1603 | Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.1 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php. | 4.3 |