|
290181
|
- |
|
haxx
apple
|
curl
libcurl
mac_os_x
|
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
|
CWE-310
Cryptographic Issues
|
CVE-2014-3620
|
2024-11-21 11:08 |
2014-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290182
|
- |
|
haxx
apple
|
curl
libcurl
mac_os_x
|
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrat…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3613
|
2024-11-21 11:08 |
2014-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290183
|
- |
|
apache
|
qpid
|
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
|
CWE-19
Data Processing Errors
|
CVE-2014-3629
|
2024-11-21 11:08 |
2014-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290184
|
- |
|
mumble
|
mumble
|
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is tre…
|
CWE-19
Data Processing Errors
|
CVE-2014-3756
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290185
|
- |
|
mumble
|
mumble
|
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image…
|
CWE-399
Resource Management Errors
|
CVE-2014-3755
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290186
|
- |
|
apache
|
cordova
|
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
|
CWE-200
Information Exposure
|
CVE-2014-3502
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290187
|
- |
|
apache
|
cordova
|
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
|
CWE-254
7PK - Security Features
|
CVE-2014-3501
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290188
|
- |
|
apache
|
cordova
|
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
|
CWE-17
Code
|
CVE-2014-3500
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290189
|
- |
|
canonical
apple
opensuse
oracle
debian
haxx
|
ubuntu_linux
mac_os_x
opensuse
hyperion
debian_linux
libcurl
|
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out…
|
CWE-200
Information Exposure
|
CVE-2014-3707
|
2024-11-21 11:08 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290190
|
- |
|
qemu
debian
canonical
|
qemu
debian_linux
ubuntu_linux
|
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
|
CWE-269
Improper Privilege Management
|
CVE-2014-3689
|
2024-11-21 11:08 |
2014-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
