Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-14 | CVE-2014-3225 | Path Traversal vulnerability in Cobblerd Cobbler: Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | 4.0 |
2014-05-14 | CVE-2014-3127 | Path Traversal vulnerability in Debian Dpkg: dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. | 7.1 |
2014-05-14 | CVE-2014-3121 | OS Command Injection vulnerability in Marc Lehmann Rxvt-Unicode: rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | 7.6 |
2014-05-14 | CVE-2014-2591 | Privilege Escalation vulnerability in BMC Patrol Agent 3.9.00: Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | 6.9 |
2014-05-14 | CVE-2014-2405 | Remote Security vulnerability in Oracle Openjdk 1.6.0: Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. | 10.0 |
2014-05-14 | CVE-2014-2046 | Cryptographic Issues vulnerability in Broadcom Pipa C211 and Pipa C211 web Interface: cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors. | 9.7 |
2014-05-14 | CVE-2014-1909 | Numeric Errors vulnerability in multiple products: Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. | 7.5 |
2014-05-14 | CVE-2014-1849 | Credentials Management vulnerability in Foscam IP Camera Firmware 11.37.2.49: Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server. | 10.0 |
2014-05-14 | CVE-2014-0462 | Remote Security vulnerability in Oracle Openjdk 1.6.0: Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. | 10.0 |
2014-05-14 | CVE-2011-4407 | Improper Input Validation vulnerability in Canonical Software-Properties and Ubuntu Linux: ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. | 4.3 |