postgresql: stack-based buffer overflow in datetime input/output

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via vectors related to an incorrect...

postgresql: NULL pointer dereference

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service NULL pointer...

CVE-2014-2603

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors...

DEBIAN-CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request...

DEBIAN-CVE-2014-0134

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request...

CVE-2013-0187

Foreman before 1.1 allows remote authenticated users to gain privileges via a 1 XMLHttpRequest or 2 AJAX request...

Cross site request forgery (csrf)

Foreman before 1.1 allows remote authenticated users to gain privileges via a 1 XMLHttpRequest or 2 AJAX request...

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request...

CVE-2013-0187

Foreman before 1.1 contains a privilege escalation vulnerability where remote authenticated users can gain privileges via an XMLHttpRequest or an AJAX request. The connected documents do not specify the root cause, affected components beyond the generic web interface, exploit details, or a remedi...

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request...

CVE-2014-2602

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors...

PT-2014-4538 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue allows remote authenticated users to read files by sending a crafted URL to the HTTP server, potentially accessing sensitive information suc...

Default credentials

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/...

FreeBSD : strongswan -- Remote Authentication Bypass (6fb521b0-d388-11e3-a790-000c2980a9f3)

strongSwan developers report : Remote attackers are able to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established. Only installations that actively initiate or re-authenticate IKEv2 IKESAs are affected...

CVE-2014-2170

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell aka tcsh scripts, aka Bug ID CSCue60202...

CVE-2014-1443

Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information password for the previous user via a USER command with a specific length, possibly related to an out-of-bounds read...

CVE-2014-1442

Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command...

Design/Logic Flaw

Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information password for the previous user via a USER command with a specific length, possibly related to an out-of-bounds read...

CVE-2014-1443

CVE-2014-1443 affects Core FTP Server 1.2 before build 515. Remote authenticated users can disclose the password of the previously logged-on user by sending a specially crafted USER command (length-specifically crafted string), likely due to an out-of-bounds/read-path issue. The impact is informa...