4422 matches found
CVE-2014-3493
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a...
UBUNTU-CVE-2014-3493
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a...
CVE-2014-3296
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5.1.131 and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527...
CVE-2014-2611
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120...
USN-2249-1 heat vulnerability
Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time...
Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue and several bugs is now available for Red Hat OpenShift Enterprise 2.1.1. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base...
CVE-2014-2949
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3476
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...
CVE-2014-0220
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API...
CVE-2014-0220
CVE-2014-0220 affects Cloudera Manager versions prior to 4.8.3 and prior to 5.0.1 in the 5.x line. The vulnerability is an information disclosure via the API, where remote authenticated users can obtain sensitive configuration values. The issue is tied to API access controls that fail to redact o...
Design/Logic Flaw
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors...
CVE-2014-2506
EMC Documentum Content Server (versions 6.7 SP1 P28, 6.7 SP2 P14, 7.0 before P15, 7.1 before P05) contains a privilege-escalation vulnerability (CVE-2014-2506) exploitable by remote authenticated users to create system objects with super-user privileges and bypass data access/server action restri...
CVE-2014-2575
The CVE-2014-2575 entry concerns DevExpress ASPxFileManager for WebForms and MVC. A directory traversal vulnerability allows remote authenticated users to read or write arbitrary files by supplying a relative path in __EVENTARGUMENT, affecting DevExpress ASPxFileManager versions up to 13.2.8 (and...
CVE-2014-3280
CVE-2014-3280 affects Cisco VOSS CDM (Cisco Unified Communications Domain Manager) versions 9.0(.1) and earlier. The issue is improper access-control enforcement in the web framework, allowing remote authenticated users to access potentially sensitive user information by visiting an unspecifie...
CVE-2013-6744
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority...
UBUNTU-CVE-2014-0178
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memo...
CVE-2013-6741
The CVE-2013-6741 issue affects IBM Maximo Asset Management and related IBM Tivoli products, allowing remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Affected products include Maximo Asset Management 7.x (before 7.1.1.7 LAFIX.20140319...
CVE-2014-0849
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups...