Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-28 | CVE-2013-4285 | Credentials Management vulnerability in Dkorunic PAM S/Key: A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory. | 2.1 |
2014-04-27 | CVE-2014-2285 | Improper Input Validation vulnerability in Net-Snmp: The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. | 4.3 |
2014-04-27 | CVE-2013-6053 | Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1: OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | 5.0 |
2014-04-27 | CVE-2013-0296 | Permissions, Privileges, and Access Controls vulnerability in Zlib Pigz: Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | 4.4 |
2014-04-27 | CVE-2011-3603 | Improper Input Validation vulnerability in Litech Router Advertisement Daemon: The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. | 4.4 |
2014-04-27 | CVE-2014-3007 | OS Command Injection vulnerability in multiple products: Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | 10.0 |
2014-04-27 | CVE-2013-6887 | Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1: OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | 6.4 |
2014-04-27 | CVE-2011-3152 | Cryptographic Issues vulnerability in Canonical Ubuntu Linux and Update-Manager: DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. | 6.4 |
2014-04-27 | CVE-2014-1776 | Use After Free vulnerability in Microsoft Internet Explorer: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. | 9.8 |
2014-04-27 | CVE-2014-1766 | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. | 9.3 |