Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2014-11-28 | CVE-2014-7178 | Improper Input Validation vulnerability in Enalean Tuleap | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. | network | | enalean | CWE-20 | critical | 9.3 |
| 2014-11-26 | CVE-2014-8551 | Code Injection vulnerability in Siemens products | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | network | low complexity | siemens | CWE-94 | critical | 10.0 |
| 2014-11-26 | CVE-2014-7247 | Data Processing Errors vulnerability in Justsystems Ichitaro and Ichitaro PRO | Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file. | network | low complexity | justsystems | CWE-19 | critical | 10.0 |
| 2014-11-25 | CVE-2014-8439 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products | Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | network | low complexity | adobe | CWE-119 | critical | 10.0 |
| 2014-11-25 | CVE-2014-8420 | Improper Input Validation vulnerability in Sonicwall Analyzer, Global Management System and UMA Em5000 | The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | network | low complexity | sonicwall | CWE-20 | critical | 9.0 |
| 2014-11-25 | CVE-2014-8368 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Airwave | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | network | low complexity | arubanetworks | CWE-264 | critical | 9.0 |
| 2014-11-24 | CVE-2014-8418 | Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk | The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. | network | low complexity | digium | CWE-264 | critical | 9.0 |
| 2014-11-24 | CVE-2014-5314 | Buffer Errors vulnerability in Cybozu Dezie, Mailwise and Office | Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | network | low complexity | cybozu | CWE-119 | critical | 9.0 |
| 2014-11-20 | CVE-2014-9002 | Permissions, Privileges, and Access Controls vulnerability in Lantronix Xprintserver | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | network | low complexity | lantronix | CWE-264 | critical | 10.0 |
| 2014-11-20 | CVE-2014-8387 | OS Command Injection vulnerability in Advantech Eki-6340 and Eki-6340 Firmware | cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | network | low complexity | advantech | CWE-78 | critical | 9.0 |