Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-08 | CVE-2014-2133 | Buffer Errors vulnerability in Cisco products Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. | 9.3 |
2014-05-05 | CVE-2014-3220 | Credentials Management vulnerability in F5 Big-Iq 4.1.0.2013.0 F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | 9.0 |
2014-05-02 | CVE-2014-2171 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796. | 10.0 |
2014-05-02 | CVE-2014-2170 | Code Injection vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202. | 9.0 |
2014-05-02 | CVE-2014-2169 | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211. | 9.0 |
2014-05-01 | CVE-2014-2882 | Unspecified vulnerability in Citrix products Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. | 10.0 |
2014-05-01 | CVE-2014-2881 | Security vulnerability in Citrix NetScaler Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. | 10.0 |
2014-04-30 | CVE-2013-6990 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiauthenticator FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | 9.0 |
2014-04-30 | CVE-2014-1531 | USE After Free vulnerability in multiple products Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. | 9.3 |
2014-04-30 | CVE-2014-1529 | Improper Privilege Management vulnerability in multiple products The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. | 9.3 |