|
290961
|
- |
|
google
|
search_appliance_software
|
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0362
|
2024-11-21 11:01 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290962
|
- |
|
apache
|
struts
|
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0116
|
2024-11-21 11:01 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290963
|
- |
|
netty
|
netty
|
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory c…
|
CWE-399
Resource Management Errors
|
CVE-2014-0193
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290964
|
- |
|
openssl
mariadb
fedoraproject
debian
opensuse
suse
|
openssl
mariadb
fedora
debian_linux
opensuse
linux_enterprise_server
linux_enterprise_software_development_kit
linux_enterprise_desktop
linux_enterprise_workstation_extension
|
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows …
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-0198
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290965
|
- |
|
php
|
php
|
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a …
|
CWE-269
Improper Privilege Management
|
CVE-2014-0185
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290966
|
- |
|
redhat
|
openshift
|
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to o…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0164
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290967
|
- |
|
redhat
|
jboss_web_framework_kit
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0149
|
2024-11-21 11:01 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290968
|
- |
|
redhat
virt-who_project
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
virt-who
|
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0189
|
2024-11-21 11:01 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290969
|
- |
|
igniterealtime
|
smack
|
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses vi…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-0364
|
2024-11-21 11:01 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290970
|
- |
|
igniterealtime
|
smack
|
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0363
|
2024-11-21 11:01 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
