|
290781
|
9.8 |
CRITICAL
Network
|
swann
|
dvr04b_firmware
dvr08b_firmware
dvr-16cif_firmware
dvr16b_firmware
|
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.
|
CWE-74
Injection
|
CVE-2013-7487
|
2024-11-21 11:01 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290782
|
9.8 |
CRITICAL
Network
|
redhat
|
openshift
|
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing t…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2014-0234
|
2024-11-21 11:01 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290783
|
5.9 |
MEDIUM
Network
|
redhat
|
jboss_portal
|
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where S…
|
CWE-362
Race Condition
|
CVE-2014-0245
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290784
|
6.1 |
MEDIUM
Network
|
redhat
|
subscription_asset_manager
|
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0183
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290785
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acc…
|
CWE-863
Incorrect Authorization
|
CVE-2014-0169
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290786
|
9.8 |
CRITICAL
Network
|
tigervnc
|
tigervnc
|
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vn…
|
CWE-787
Out-of-bounds Write
|
CVE-2014-0011
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290787
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7486
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290788
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7485
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290789
|
5.9 |
MEDIUM
Network
|
ovirt-engine-sdk-python_project
|
ovirt-engine-sdk-python
|
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a T…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0161
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290790
|
5.9 |
MEDIUM
Network
|
clusterlabs
|
fence-agents
|
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary S…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0104
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
