|
289911
|
- |
|
redhat
|
jboss_a-mq
jboss_fuse
|
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been …
|
CWE-255
Credentials Management
|
CVE-2014-0085
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289912
|
- |
|
redhat
|
openstack
|
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0071
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289913
|
- |
|
springsource
vmware
|
spring_framework
|
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbit…
|
CWE-352
Origin Validation Error
|
CVE-2014-0054
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289914
|
- |
|
amos_benari
|
rbovirt
|
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0036
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289915
|
- |
|
oracle
mariadb
redhat
|
mysql
mariadb
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_eus
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
|
NVD-CWE-noinfo
|
CVE-2014-0384
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289916
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote att…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0053
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289917
|
- |
|
apache
oracle
|
xalan-java
webcenter_sites
|
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass exp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0107
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289918
|
- |
|
openstack
|
compute
icehouse
|
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0167
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289919
|
- |
|
openstack
opensuse
|
horizon
opensuse
|
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0157
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289920
|
- |
|
haxx
|
curl
libcurl
|
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, …
|
CWE-310
Cryptographic Issues
|
CVE-2014-0139
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
