|
278881
|
- |
|
linux
|
linux_kernel
|
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL setti…
|
CWE-362
Race Condition
|
CVE-2014-9710
|
2024-11-21 11:21 |
2015-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278882
|
- |
|
kogmbh
|
webodf
|
Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9716
|
2024-11-21 11:21 |
2015-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278883
|
- |
|
debian
qemu
|
debian_linux
qemu
|
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS…
|
CWE-399
Resource Management Errors
|
CVE-2014-9718
|
2024-11-21 11:21 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278884
|
- |
|
opensuse
gnu
|
opensuse
less
|
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9488
|
2024-11-21 11:21 |
2015-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278885
|
- |
|
facebook
|
hiphop_virtual_machine
|
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9714
|
2024-11-21 11:21 |
2015-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278886
|
- |
|
openldap
debian
|
openldap
debian_linux
|
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9713
|
2024-11-21 11:21 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278887
|
- |
|
oracle
embedthis
juniper
|
enterprise_communications_broker
appweb
junos
|
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-9708
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278888
|
- |
|
embedthis
|
goahead
|
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (…
|
CWE-17
Code
|
CVE-2014-9707
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278889
|
- |
|
debian
dulwich_project
|
debian_linux
dulwich
|
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly …
|
CWE-19
Data Processing Errors
|
CVE-2014-9706
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278890
|
- |
|
php
opensuse
libgd
debian
canonical
|
php
opensuse
libgd
debian_linux
ubuntu_linux
|
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and applicati…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9709
|
2024-11-21 11:21 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
