CVE-2013-6741

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration...

CVE-2014-2200

CVE-2014-2200 affects Cisco NX-OS 5.0 (before 5.0(5)) on Nexus 7000 devices with local authentication and multiple VDCs enabled. A remote, authenticated user can escalate privileges to an unintended VDC via SSH to a management interface (Bug CSCti11629). The issue is documented in Cisco’s NX-OS a...

CVE-2014-3275

SQL injection vulnerability in the web framework in Cisco Identity Services Engine ISE 1.2.1 patch 2 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337...

UBUNTU-CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

CVE-2014-2948

Bizagi BPM Suite (workflowenginesoa.asmx) is affected by CVE-2014-2948, a SQL injection vulnerability reported to allow a remote authenticated attacker to execute arbitrary SQL via a crafted SOAP request. The issue targets the workflowenginesoa.asmx web service and is described alongside an addit...

mysql: unspecified DoS related to XML (CPU April 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML...

mysql: unspecified DoS related to Partition (CPU April 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition...

mysql: unspecified DoS related to Federated (CPU April 2014)

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated...

mysql: unspecified DoS related to XML (CPU April 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML...

Design/Logic Flaw

The "insert-blank-characters" capability in caps.c in gnome-terminal vte before 0.28.1 allows remote authenticated users to cause a denial of service CPU and memory consumption and crash via a crafted file, as demonstrated by a file containing the string "\033100000000000000000@"...

mysql: unspecified DoS related to Performance Schema (CPU April 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema...

mysql: unspecified DoS related to Federated (CPU April 2014)

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated...

mysql: unspecified DoS related to Replication (CPU April 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication...

CVE-2014-0078

The CVE affects Red Hat CloudForms Management Engine (CFME)

Privilege escalation

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential...

CVE-2014-1812

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential...

CVE-2014-1812

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential...

CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...

CVE-2013-4502

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...