Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2014-05-08 CVE-2014-3422 Link Following vulnerability in multiple products
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Risk: 3.3

2014-05-08 CVE-2014-3421 Link Following vulnerability in multiple products
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Risk: 3.3

2014-05-08 CVE-2014-3215 Permissions, Privileges, and Access Controls vulnerability in Selinuxproject Policycoreutils 2.2.5
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
Risk: 6.9

2014-05-08 CVE-2014-2936 Code Injection vulnerability in Caldera 9.20
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
network, low complexity, caldera, CWE-94
Risk: 7.5

2014-05-08 CVE-2014-2935 OS Command Injection vulnerability in Caldera 9.20
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
network, low complexity, caldera, CWE-78
Risk: 10.0 (critical)

2014-05-08 CVE-2014-2934 SQL Injection vulnerability in Caldera 9.20
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
network, low complexity, caldera, CWE-89
Risk: 7.5

2014-05-08 CVE-2014-2933 Path Traversal vulnerability in Caldera 9.20
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
network, low complexity, caldera, CWE-22
Risk: 5.0

2014-05-08 CVE-2014-2602 Remote Privilege Escalation vulnerability in RETIRED: HP Oneview 1.0/1.01
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
network, low complexity, hp
Risk: 6.5

2014-05-08 CVE-2014-2136 Buffer Errors vulnerability in Cisco products
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.
network, cisco, CWE-119
Risk: 9.3 (critical)

2014-05-08 CVE-2014-2135 Buffer Errors vulnerability in Cisco products
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.
network, cisco, CWE-119
Risk: 9.3 (critical)