Weekly Vulnerabilities Reports > June 23 to 29, 2014
Overview
2 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary reports vulnerabilities in 3 products from 3 vendors including Linux, Oracle, and Sophos. Vulnerabilities are notably categorized as "Use After Free" and "Improper Authentication".
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 1 reported vulnerability is exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
0 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-06-25 | CVE-2014-2005 | Sophos | Improper Authentication vulnerability in Sophos Enterprise Console 5.1/5.2/5.2.1. Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | 6.8 |
2014-06-23 | CVE-2014-0203 | Linux, Oracle | Use After Free vulnerability in multiple products. The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|