Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-04-15 CVE-2014-0923 Improper Input Validation vulnerability in IBM Messagesight and Messagesight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.
network
ibm CWE-20
4.3

2014-04-15 CVE-2014-0922 Improper Input Validation vulnerability in IBM Messagesight and Messagesight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data.
network
ibm CWE-20
4.3

2014-04-15 CVE-2014-0921 Improper Input Validation vulnerability in IBM Messagesight and Messagesight JMS Client
The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.
network
ibm CWE-20
4.3

2014-04-15 CVE-2014-0642 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.
network
low complexity
emc CWE-264
5.5

2014-04-15 CVE-2014-0514 Permissions, Privileges, and Access Controls vulnerability in Adobe Reader 11.1.0/11.1.3
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
network
adobe CWE-264
critical
9.3

2014-04-15 CVE-2013-7368 Cross-Site Scripting vulnerability in Raoul Proenca Gnew 2013.1
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
4.3

2014-04-15 CVE-2014-2842 Resource Management Errors vulnerability in Juniper Screenos
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
network
low complexity
juniper CWE-399
7.8

2014-04-15 CVE-2014-2828 Improper Authentication vulnerability in Openstack Keystone
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
network
low complexity
openstack CWE-287
7.8

2014-04-15 CVE-2014-2690 Permissions, Privileges, and Access Controls vulnerability in Citrix Vdi-In-A-Box
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
local
low complexity
citrix CWE-264
2.1

2014-04-15 CVE-2014-0139 Cryptographic Issues vulnerability in Haxx Curl and Libcurl
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
network
haxx CWE-310
5.8