Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2014-04-18 CVE-2014-2856 Cross-Site Scripting vulnerability in Apple Cups
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
network
apple CWE-79
4.3

2014-04-18 CVE-2014-2844 Cross-Site Scripting vulnerability in F-Secure Secure Messaging Secure Gateway 7.5.0
Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.
network
f-secure CWE-79
3.5

2014-04-18 CVE-2014-0150 Numeric Errors vulnerability in multiple products
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
4.9

2014-04-18 CVE-2013-7369 SQL Injection vulnerability in F-Secure products
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.
network
low complexity
f-secure CWE-89
7.5

2014-04-18 CVE-2013-4290 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.
network
low complexity
uclouvain CWE-119
critical
10.0

2014-04-18 CVE-2013-4289 Numeric Errors vulnerability in Uclouvain Openjpeg
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
network
low complexity
uclouvain CWE-189
critical
10.0

2014-04-18 CVE-2012-6646 Local Security Bypass vulnerability in F-Secure Anti-Virus, PSB Workstation Security and Safe Anywhere
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.
local
low complexity
f-secure
2.1

2014-04-18 CVE-2012-0871 Link Following vulnerability in multiple products
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
6.3

2014-04-17 CVE-2014-2880 Improper Input Validation vulnerability in Oracle Identity Manager 11.1.2.1.0
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
network
oracle CWE-20
5.8

2014-04-17 CVE-2014-2879 Cross-Site Scripting vulnerability in Sonicwall Email Security Appliance
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
network
sonicwall CWE-79
4.3