Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-09 | CVE-2014-7889 | Unspecified vulnerability in HP OLE Point of Sale Driver 1.13.001: The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511. | 10.0 |
2015-03-09 | CVE-2014-7888 | Unspecified vulnerability in HP OLE Point of Sale Driver 1.13.001: The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512. | 10.0 |
2015-03-06 | CVE-2014-8891 | Remote Privilege Escalation vulnerability in IBM Java SDK: Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. | 10.0 |
2015-02-28 | CVE-2014-9682 | Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0: The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | 10.0 |
2015-02-27 | CVE-2015-0977 | OS Command Injection vulnerability in Network Vision Intravue 2.3.0A11: Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
2015-02-23 | CVE-2015-2051 | Command Injection vulnerability in Dlink Dir-645 Firmware 1.03/1.04/1.04B11: The D-Link DIR-645 Wired/Wireless Router Rev. | 9.8 |
2015-02-21 | CVE-2015-0331 | Use After Free Remote Code Execution vulnerability in Adobe Flash Player: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | 10.0 |
2015-02-20 | CVE-2015-2033 | Improper Authentication vulnerability in Infoblox Netmri: Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. | 10.0 |
2015-02-19 | CVE-2014-9421 | Remote Code Execution vulnerability in MIT Kerberos 5 'kadmind' Daemon: The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. | 9.0 |
2015-02-19 | CVE-2014-5352 | Double Free Remote Code Execution vulnerability in MIT krb5 kadmind: The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. | 9.0 |