Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-04-27 CVE-2014-1765 Resource Management Errors vulnerability in Microsoft Internet Explorer
Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.
network
high complexity
microsoft CWE-399
7.6
2014-04-27 CVE-2014-1764 Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
network
low complexity
microsoft CWE-264
critical
10.0
2014-04-27 CVE-2014-1763 Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9
Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
network
low complexity
microsoft CWE-399
critical
10.0
2014-04-27 CVE-2014-1762 Remote Code Execution vulnerability in Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.
network
low complexity
microsoft
7.5
2014-04-27 CVE-2014-2994 Buffer Errors vulnerability in Acunetix Web Vulnerability Scanner 8
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
network
low complexity
acunetix CWE-119
critical
10.0
2014-04-27 CVE-2014-0181 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
local
low complexity
linux opensuse redhat suse CWE-264
2.1
2014-04-26 CVE-2014-2993 Cryptographic Issues vulnerability in Birebin Birebin.Com APP
The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
low complexity
birebin CWE-310
6.4
2014-04-26 CVE-2014-2992 Cryptographic Issues vulnerability in Misli Misli.Com APP
The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
low complexity
misli CWE-310
6.4
2014-04-26 CVE-2014-0350 Cryptographic Issues vulnerability in Pocoproject Poco C++ Libraries 1.4.5/1.4.6
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.
network
low complexity
pocoproject CWE-310
6.4
2014-04-25 CVE-2014-2996 Code Injection vulnerability in Xcloner 3.5
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php.
network
high complexity
xcloner CWE-94
7.1