|
291201
|
- |
|
automattic
|
jetpack
|
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0173
|
2024-11-21 11:01 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291202
|
- |
|
toshibacommerce
|
4690_point_of_sale_operating_system
|
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dep…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0361
|
2024-11-21 11:01 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291203
|
- |
|
qemu
redhat
|
qemu
enterprise_linux
|
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, whic…
|
CWE-189
Numeric Errors
|
CVE-2014-0150
|
2024-11-21 11:01 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291204
|
- |
|
apache
|
syncope
|
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition…
|
CWE-94
Code Injection
|
CVE-2014-0111
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291205
|
- |
|
redhat
|
jboss_a-mq
jboss_fuse
|
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been …
|
CWE-255
Credentials Management
|
CVE-2014-0085
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291206
|
- |
|
redhat
|
openstack
|
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0071
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291207
|
- |
|
springsource
vmware
|
spring_framework
|
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbit…
|
CWE-352
Origin Validation Error
|
CVE-2014-0054
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291208
|
- |
|
amos_benari
|
rbovirt
|
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0036
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291209
|
- |
|
oracle
mariadb
redhat
|
mysql
mariadb
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_eus
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
|
NVD-CWE-noinfo
|
CVE-2014-0384
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291210
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote att…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0053
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
