Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-17 | CVE-2014-2707 | OS Command Injection vulnerability in Linuxfoundation Cups-Filters: cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | 8.3 |
2014-04-17 | CVE-2014-2469 | Remote Denial of Service vulnerability in Oracle Sunos 5.11.1: Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. | 5.0 |
2014-04-17 | CVE-2014-2310 | Improper Input Validation vulnerability in Net-Snmp: The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. | 5.0 |
2014-04-17 | CVE-2014-1933 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | 2.1 |
2014-04-17 | CVE-2014-1932 | Link Following vulnerability in multiple products: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | 4.4 |
2014-04-17 | CVE-2014-0984 | Permissions, Privileges, and Access Controls vulnerability in SAP Router 710/720/721: The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | 4.3 |
2014-04-17 | CVE-2014-0085 | Credentials Management vulnerability in Redhat Jboss A-Mq and Jboss Fuse: JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. | 2.1 |
2014-04-17 | CVE-2014-0071 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 4.0: PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | 6.4 |
2014-04-17 | CVE-2014-0054 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. | 6.8 |
2014-04-17 | CVE-2014-0036 | Cryptographic Issues vulnerability in Amos Benari Rbovirt: The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | 6.8 |