Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Access | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|
| 2014-06-05 | CVE-2014-3912 | Buffer Errors vulnerability in Samsung Ipolis Device Manager 1.8.2 | Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. | network | samsung | CWE-119 | critical | 9.3 |
| 2014-06-04 | CVE-2014-3913 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ericom Accessnow Server | Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. | network, low complexity | ericom | CWE-119 | critical | 10.0 |
| 2014-06-02 | CVE-2014-2959 | OS Command Injection vulnerability in multiple products | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. | network, low complexity | dell, quantum | CWE-78 | critical | 9.0 |
| 2014-06-02 | CVE-2013-2019 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ROM Walton Boinc 6.10.58/6.12.34 | Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | network | rom-walton | CWE-119 | critical | 9.3 |
| 2014-06-01 | CVE-2014-3790 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.1/5.5 | Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | network, low complexity | vmware | CWE-264 | critical | 9.0 |
| 2014-05-27 | CVE-2013-2090 | OS Command Injection vulnerability in Uplawski Creme Fraiche | The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. | network | uplawski | CWE-78 | critical | 9.3 |
| 2014-05-26 | CVE-2014-2504 | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method. | network, low complexity | emc | CWE-264 | critical | 9.0 |
| 2014-05-26 | CVE-2014-2196 | Code Injection vulnerability in Cisco Wide Area Application Services 5.1.1 | Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. | network | cisco | CWE-94 | critical | 9.3 |
| 2014-05-22 | CVE-2014-1770 | Resource Management Errors vulnerability in Microsoft Internet Explorer | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. | network | microsoft | CWE-399 | critical | 9.3 |
| 2014-05-21 | CVE-2012-1166 | OS Command Injection vulnerability in Canonical Ltsp Display Manager and Ubuntu Linux | The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | network, low complexity | canonical | CWE-78 | critical | 10.0 |