|
290161
|
- |
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name …
|
CWE-79
Cross-site Scripting
|
CVE-2014-0089
|
2024-11-21 11:01 |
2014-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290162
|
- |
|
redhat
|
enterprise_linux
|
The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_v…
|
NVD-CWE-noinfo
|
CVE-2014-0055
|
2024-11-21 11:01 |
2014-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290163
|
- |
|
virtualaccess
|
gw6110a_firmware
gw6110a
|
The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modifi…
|
NVD-CWE-Other
|
CVE-2014-0343
|
2024-11-21 11:01 |
2014-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290164
|
- |
|
openssl
|
openssl
|
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0076
|
2024-11-21 11:01 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290165
|
- |
|
linux
opensuse
suse
|
linux_kernel
evergreen
linux_enterprise_server
|
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the …
|
CWE-416
Use After Free
|
CVE-2014-0131
|
2024-11-21 11:01 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290166
|
- |
|
stunnel
|
stunnel
|
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to u…
|
CWE-332
Insufficient Entropy in PRNG
|
CVE-2014-0016
|
2024-11-21 11:01 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290167
|
- |
|
moodle
|
moodle
|
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0127
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290168
|
- |
|
moodle
|
moodle
|
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0129
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290169
|
- |
|
moodle
|
moodle
|
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0125
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290170
|
- |
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers t…
|
CWE-352
Origin Validation Error
|
CVE-2014-0126
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
