|
289891
|
- |
|
redhat
|
openshift
|
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to o…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0164
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289892
|
- |
|
redhat
|
jboss_web_framework_kit
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0149
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289893
|
- |
|
redhat
virt-who_project
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
virt-who
|
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0189
|
2024-11-21 11:01 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289894
|
- |
|
igniterealtime
|
smack
|
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses vi…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-0364
|
2024-11-21 11:01 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289895
|
- |
|
igniterealtime
|
smack
|
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0363
|
2024-11-21 11:01 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289896
|
- |
|
apache
|
commons_beanutils
struts
|
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the …
|
CWE-20
Improper Input Validation
|
CVE-2014-0114
|
2024-11-21 11:01 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289897
|
- |
|
f5
|
nginx
|
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0088
|
2024-11-21 11:01 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289898
|
- |
|
apache
|
struts
|
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0113
|
2024-11-21 11:01 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289899
|
- |
|
apache
|
struts
|
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0112
|
2024-11-21 11:01 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289900
|
- |
|
openstack
canonical
opensuse
|
neutron
ubuntu_linux
opensuse
|
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0187
|
2024-11-21 11:01 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
