|
286841
|
7.8 |
HIGH
Local
|
qemu
|
qemu
|
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_sn…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0145
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286842
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel…
|
CWE-369
Divide By Zero
|
CVE-2014-0142
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286843
|
7.0 |
HIGH
Local
|
redhat
qemu
|
enterprise_linux
qemu
|
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-0143
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286844
|
8.8 |
HIGH
Network
|
pivotal_software
vmware
|
spring_framework
|
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references…
|
CWE-611
XXE
|
CVE-2014-0225
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286845
|
7.3 |
HIGH
Network
|
vmware
|
spring_security
|
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic…
|
CWE-287
Improper Authentication
|
CVE-2014-0097
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286846
|
7.5 |
HIGH
Network
|
aescrypt_project
|
aescrypt
|
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms vi…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2013-7463
|
2024-11-21 11:01 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286847
|
7.5 |
HIGH
Network
|
pulpproject
|
pulp
|
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
|
CWE-295
Improper Certificate Validation
|
CVE-2013-7450
|
2024-11-21 11:01 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286848
|
6.5 |
MEDIUM
Network
|
cloudera
apache
|
cdh
hadoop
|
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0229
|
2024-11-21 11:01 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286849
|
7.5 |
HIGH
Network
|
mcafee
|
saas_control_console_platform
|
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated…
|
CWE-22
Path Traversal
|
CVE-2013-7462
|
2024-11-21 11:01 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286850
|
5.5 |
MEDIUM
Local
|
mcafee
|
change_control
application_control
|
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write…
|
CWE-284
Improper Access Control
|
CVE-2013-7461
|
2024-11-21 11:01 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
