|
290301
|
- |
|
qemu
redhat
|
qemu
enterprise_linux
|
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, whic…
|
CWE-189
Numeric Errors
|
CVE-2014-0150
|
2024-11-21 11:01 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290302
|
- |
|
apache
|
syncope
|
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition…
|
CWE-94
Code Injection
|
CVE-2014-0111
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290303
|
- |
|
redhat
|
jboss_a-mq
jboss_fuse
|
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been …
|
CWE-255
Credentials Management
|
CVE-2014-0085
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290304
|
- |
|
redhat
|
openstack
|
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0071
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290305
|
- |
|
springsource
vmware
|
spring_framework
|
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbit…
|
CWE-352
Origin Validation Error
|
CVE-2014-0054
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290306
|
- |
|
amos_benari
|
rbovirt
|
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0036
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290307
|
- |
|
oracle
mariadb
redhat
|
mysql
mariadb
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_eus
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
|
NVD-CWE-noinfo
|
CVE-2014-0384
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290308
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote att…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0053
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290309
|
- |
|
apache
oracle
|
xalan-java
webcenter_sites
|
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass exp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0107
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290310
|
- |
|
openstack
|
compute
icehouse
|
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0167
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
