Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-17 | CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | 9.8 |
2015-02-16 | CVE-2015-1498 | Permissions, Privileges, and Access Controls vulnerability in Persistent Systems Radia Client Automation Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | 10.0 |
2015-02-16 | CVE-2015-1497 | Code Injection vulnerability in Persistent Systems Radia Client Automation radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | 10.0 |
2015-02-16 | CVE-2014-9375 | Path Traversal vulnerability in Lexmark Markvision Enterprise Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. | 9.0 |
2015-02-16 | CVE-2015-1474 | Numeric Errors vulnerability in Google Android Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. | 10.0 |
2015-02-14 | CVE-2015-0518 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | 9.0 |
2015-02-13 | CVE-2014-8385 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Eki-1200 Gateway Series Firmware Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-02-11 | CVE-2015-0068 | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052. | 9.3 |
2015-02-11 | CVE-2015-0067 | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2015-02-11 | CVE-2015-0066 | Resource Management Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040. | 9.3 |