Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-01 | CVE-2014-0632 | Path Traversal vulnerability in EMC Vplex Geosynchrony Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 9.0 |
2014-04-01 | CVE-2013-0662 | Out-of-bounds Write vulnerability in Schneider-Electric products Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | 9.3 |
2014-04-01 | CVE-2013-2278 | Unspecified vulnerability in Jgaa Warftpd 1.8.2 Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log." | 10.0 |
2014-03-31 | CVE-2014-1982 | Improper Authentication vulnerability in Alliedtelesis products The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | 10.0 |
2014-03-31 | CVE-2013-6775 | Permissions, Privileges, and Access Controls vulnerability in Chainfire Supersu 1.69 The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | 10.0 |
2014-03-31 | CVE-2013-6774 | Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. | 10.0 |
2014-03-31 | CVE-2013-6769 | Improper Input Validation vulnerability in Koushik Dutta Superuser 1.0.2.1 The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. | 10.0 |
2014-03-27 | CVE-2013-3481 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in B-E-Soft Artweaver Free and Artweaver Plus Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file. | 9.3 |
2014-03-27 | CVE-2013-0732 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nuance PDF Reader 6.0/7.0 Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries. | 9.3 |
2014-03-27 | CVE-2014-0512 | Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat Reader 11.0.6 Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | 10.0 |