Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-02 | CVE-2013-2019 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ROM Walton Boinc 6.10.58/6.12.34 Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | 9.3 |
2014-06-01 | CVE-2014-3790 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.1/5.5 Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | 9.0 |
2014-05-27 | CVE-2013-2090 | OS Command Injection vulnerability in Uplawski Creme Fraiche The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. | 9.3 |
2014-05-26 | CVE-2014-2504 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method. | 9.0 |
2014-05-26 | CVE-2014-2196 | Code Injection vulnerability in Cisco Wide Area Application Services 5.1.1 Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. | 9.3 |
2014-05-22 | CVE-2014-1770 | Resource Management Errors vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. | 9.3 |
2014-05-21 | CVE-2012-1166 | OS Command Injection vulnerability in Canonical Ltsp Display Manager and Ubuntu Linux The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | 10.0 |
2014-05-20 | CVE-2014-3791 | Buffer Errors vulnerability in Efssoft Easy File Sharing web Server 6.8 Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. | 10.0 |
2014-05-20 | CVE-2014-3412 | Remote Code Execution vulnerability in Juniper products Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2014-05-20 | CVE-2013-7383 | Permissions, Privileges, and Access Controls vulnerability in X2Go Server x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks. | 9.0 |