Vulnerabilities > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2014-04-27 | CVE-2014-1766 | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.
Risk: network | microsoft CWE-119 | critical | 9.3

2014-04-27 | CVE-2014-1764 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Risk: network | low complexity | microsoft CWE-264 | critical | 10.0

2014-04-27 | CVE-2014-1763 | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9
Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Risk: network | low complexity | microsoft CWE-399 | critical | 10.0

2014-04-27 | CVE-2014-2994 | Buffer Errors vulnerability in Acunetix Web Vulnerability Scanner 8
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
Risk: network | low complexity | acunetix CWE-119 | critical | 10.0

2014-04-25 | CVE-2013-5660 | Buffer Errors vulnerability in Power Software WinArchiver 3.2
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
Risk: network | powersoftware CWE-119 | critical | 9.3

2014-04-25 | CVE-2014-0780 | Path Traversal vulnerability in InduSoft Web Studio 7.1
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Risk: network | low complexity | indusoft CWE-22 | critical | 9.8

2014-04-25 | CVE-2014-0769 | Improper Authentication vulnerability in multiple products
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
Risk: 9.3

2014-04-25 | CVE-2014-0760 | Improper Authentication vulnerability in multiple products
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Risk: 9.3

2014-04-23 | CVE-2014-0474 | Resource Management Errors vulnerability in multiple products
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
Risk: network | low complexity | canonical djangoproject CWE-399 | critical | 10.0

2014-04-23 | CVE-2014-1318 | Improper Input Validation vulnerability in Apple Mac OS X
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
Risk: network | low complexity | apple CWE-20 | critical | 10.0