
3414 matches found

NVD
added 2014/12/12 3:59 p.m., 15 views

CVE-2014-8608

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$"...

4.9 CVSS, 6.1 AI score, 0.00075 EPSS
Exploits 1, References 4
NVD
added 2014/12/12 3:59 p.m., 14 views

CVE-2014-7136

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...

7.2 CVSS, 7.5 AI score, 0.00114 EPSS
Exploits 1, References 3
Prion
added 2014/12/12 3:59 p.m., 20 views

Heap overflow

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...

7.2 CVSS, 8.1 AI score, 0.00114 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2014/12/12 3:59 p.m., 18 views

Stack overflow

Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors...

7.2 CVSS, 8.2 AI score, 0.00114 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2014/12/12 3:59 p.m., 10 views

Null pointer dereference

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$"...

4.9 CVSS, 6.7 AI score, 0.00075 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2014/12/12 3:0 p.m., 16 views

CVE-2014-8608

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$"...

6.1 AI score, 0.00075 EPSS
Exploits 1, References 4
CVE
added 2014/12/12 3:0 p.m., 49 views

CVE-2014-8956

CVE-2014-8956: A stack-based buffer overflow in the K7Sentry.sys kernel-mode driver (K7AV Sentry Device Driver) before version 12.8.0.119 allows local users to execute arbitrary code with kernel privileges. The vulnerability affects K7 Computing products that incorporate this driver. Exploitation...

7.2 CVSS, 7.8 AI score, 0.00114 EPSS
Exploits 1, References 3, Affected Software 1
NVD
added 2014/12/10 9:59 p.m., 14 views

CVE-2014-8003

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...

7.2 CVSS, 6.1 AI score, 0.00073 EPSS
Exploits 0, References 2
Prion
added 2014/12/10 9:59 p.m., 17 views

Command injection

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998...

7.2 CVSS, 6.6 AI score, 0.00073 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2014/12/10 9:0 p.m., 50 views

CVE-2014-8009

CVE-2014-8009 affects Cisco Unified Computing System Manager (UCSM) up to version 2.1(3f). The issue is an information-disclosure vulnerability where remote, unauthenticated attackers can read log files to obtain sensitive system information. Exploitation details are not provided in the cited doc...

5 CVSS, 6.4 AI score, 0.00236 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2014/12/10 9:0 p.m., 42 views

CVE-2014-8003

Cisco Integrated Management Controller in Cisco UCS 2.2(2c)A and earlier is affected by CVE-2014-8003 due to improper input validation in the map-nfs command. This allows an authenticated, local attacker to gain shell-level access to the device. The issue is tied to Bug CSCup05998. Cisco’s adviso...

7.2 CVSS, 6.3 AI score, 0.00073 EPSS
Exploits 0, References 2, Affected Software 1
Cisco
added 2014/12/09 4:38 p.m., 25 views

Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability

Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...

6.8 CVSS, 6.4 AI score, 0.00084 EPSS
Exploits 0, References 1
Cisco
added 2014/12/08 3:19 p.m., 24 views

Cisco Unified Computing System Manager Information Disclosure Vulnerability

A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this...

5 CVSS, 6 AI score, 0.00236 EPSS
Exploits 1, References 1
RedHat Linux
added 2014/11/25 6:19 p.m., 26 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update

Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and adds one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

7.5 CVSS, 5.7 AI score, 0.004 EPSS
Exploits 0, References 10
Prion
added 2014/11/18 11:59 p.m., 18 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477...

6.8 CVSS, 7.7 AI score, 0.00174 EPSS
Exploits 0, References 5
CVE
added 2014/11/18 11:0 p.m., 46 views

CVE-2014-7996

Cisco UCS Integrated Management Controller (CIMC) is affected by a CSRF vulnerability (CVE-2014-7996) in its web framework. An unauthenticated, remote attacker can perform a CSRF attack and hijack user sessions. The issue stems from insufficient CSRF protections in CIMC’s web interface. Impact as d...

6.8 CVSS, 7.4 AI score, 0.00174 EPSS
Exploits 0, References 5, Affected Software 1
Tenable Nessus
added 2014/11/12 12:0 a.m., 31 views

CentOS 6 : trousers (CESA-2014:1507)

Updated trousers packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

5 CVSS, 5.7 AI score, 0.18868 EPSS
Exploits 2, References 2
RedHat Linux
added 2014/11/11 6:25 p.m., 0 views

libvncserver: NULL pointer dereference flaw in framebuffer setup

A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash...

7.5 CVSS, 7.3 AI score, 0.0454 EPSS
Exploits 1, References 4
Prion
added 2014/11/07 11:55 a.m., 7 views

Command injection

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176...

6.8 CVSS, 7 AI score, 0.00084 EPSS
Exploits 0, References 4
CVE
added 2014/11/07 11:0 a.m., 40 views

CVE-2014-7989

CVE-2014-7989 affects Cisco Unified Computing System B-Series Blade Servers. It arises from improper input validation in the ping6 and traceroute6 commands, allowing an authenticated local attacker to escalate to shell-level access—potentially via local-mgmt context. Cisco released a security not...

6.8 CVSS, 6.7 AI score, 0.00084 EPSS
Exploits 0, References 4, Affected Software 8