|
290321
|
- |
|
opensuse
apache
canonical
apple
redhat
|
opensuse
subversion
ubuntu_linux
xcode
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server_eus
enterprise_linux_server
enterprise_linux_hpc_node
|
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers …
|
CWE-255
Credentials Management
|
CVE-2014-3528
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290322
|
- |
|
apache
opensuse
canonical
apple
|
subversion
opensuse
ubuntu_linux
xcode
|
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certif…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2014-3522
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290323
|
- |
|
apache
canonical
serf_project
|
subversion
ubuntu_linux
serf
|
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in t…
|
NVD-CWE-Other
|
CVE-2014-3504
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290324
|
- |
|
redhat
|
resteasy
jboss_enterprise_application_platform
|
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity…
|
NVD-CWE-Other
|
CVE-2014-3490
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290325
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3472
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290326
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3464
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290327
|
- |
|
openssl
|
openssl
|
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3512
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290328
|
- |
|
openssl
|
openssl
|
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in comm…
|
NVD-CWE-noinfo
|
CVE-2014-3511
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290329
|
- |
|
openssl
|
openssl
|
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL poi…
|
NVD-CWE-Other
|
CVE-2014-3510
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290330
|
- |
|
openssl
|
openssl
|
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL …
|
CWE-362
Race Condition
|
CVE-2014-3509
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
