|
290201
|
- |
|
graphviz
|
graphviz
|
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "lon…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1236
|
2024-11-21 11:03 |
2014-01-11 |
|
|
|
|
290202
|
- |
|
paratrooper-newrelic_project
|
paratrooper-newrelic
|
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
|
CWE-200
Information Exposure
|
CVE-2014-1234
|
2024-11-21 11:03 |
2014-01-10 |
|
|
|
|
290203
|
- |
|
tobias_maier
|
paratrooper-pingdom
|
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
|
CWE-200
Information Exposure
|
CVE-2014-1233
|
2024-11-21 11:03 |
2014-01-10 |
|
|
|
|
290204
|
- |
|
foliovision
|
foliopress_wysiwyg
|
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1232
|
2024-11-21 11:03 |
2014-01-9 |
|
|
|
|
290205
|
8.8 |
HIGH
Network
|
opensuse
|
open_build_service
|
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
|
CWE-352
Origin Validation Error
|
CVE-2014-0594
|
2024-11-21 11:02 |
2018-06-9 |
|
|
|
|
290206
|
9.8 |
CRITICAL
Network
|
opensuse
|
open_build_service
|
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input p…
|
CWE-20
Improper Input Validation
|
CVE-2014-0593
|
2024-11-21 11:02 |
2018-06-9 |
|
|
|
|
290207
|
5.3 |
MEDIUM
Local
|
ibm
|
rational_focal_point
|
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-for…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2014-0841
|
2024-11-21 11:02 |
2018-04-28 |
|
|
|
|
290208
|
6.5 |
MEDIUM
Network
|
ibm
|
integrated_management_module_firmware
|
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via v…
|
CWE-200
Information Exposure
|
CVE-2014-0882
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|
|
290209
|
7.4 |
HIGH
Network
|
ibm
|
integrated_management_module_firmware
|
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of serv…
|
CWE-284
Improper Access Control
|
CVE-2014-0881
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|
|
290210
|
4.1 |
MEDIUM
Local
|
ibm
|
security_key_lifecycle_manager
|
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force…
|
CWE-255 CWE-200
Credentials Management Information Exposure
|
CVE-2014-0872
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|