Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-26 | CVE-2013-4841 | Remote Code Execution vulnerability in HP products Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509. | 10.0 |
2014-02-24 | CVE-2014-0758 | Improper Input Validation vulnerability in Iconics Genesis32 An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | 9.3 |
2014-02-24 | CVE-2013-2817 | Code Injection vulnerability in Mitsubishielectric Mc-Worx Suite 8.02 An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. | 9.3 |
2014-02-22 | CVE-2014-0721 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified SIP Phone 3905 The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | 10.0 |
2014-02-22 | CVE-2014-0709 | Credentials Management vulnerability in Cisco UCS Director Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | 9.3 |
2014-02-22 | CVE-2013-6952 | Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769 The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | 10.0 |
2014-02-22 | CVE-2013-6949 | Permissions, Privileges, and Access Controls vulnerability in Belkin Wemo Home Automation Firmware 2769 The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. | 9.3 |
2014-02-21 | CVE-2014-0502 | Resource Management Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | 10.0 |
2014-02-21 | CVE-2014-0498 | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-02-18 | CVE-2014-1861 | Improper Input Validation vulnerability in Jetroplatforms Jetro Cockpit Secure Browsing 4.3.1/4.3.3 The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | 9.3 |