|
282781
|
8.8 |
HIGH
Network
|
pivotal_software
vmware
|
spring_framework
|
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references…
|
CWE-611
XXE
|
CVE-2014-0225
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282782
|
7.3 |
HIGH
Network
|
vmware
|
spring_security
|
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic…
|
CWE-287
Improper Authentication
|
CVE-2014-0097
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282783
|
7.5 |
HIGH
Network
|
aescrypt_project
|
aescrypt
|
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms vi…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2013-7463
|
2024-11-21 11:01 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282784
|
7.5 |
HIGH
Network
|
pulpproject
|
pulp
|
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
|
CWE-295
Improper Certificate Validation
|
CVE-2013-7450
|
2024-11-21 11:01 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282785
|
6.5 |
MEDIUM
Network
|
cloudera
apache
|
cdh
hadoop
|
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0229
|
2024-11-21 11:01 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282786
|
7.5 |
HIGH
Network
|
mcafee
|
saas_control_console_platform
|
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated…
|
CWE-22
Path Traversal
|
CVE-2013-7462
|
2024-11-21 11:01 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282787
|
5.5 |
MEDIUM
Local
|
mcafee
|
change_control
application_control
|
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write…
|
CWE-284
Improper Access Control
|
CVE-2013-7461
|
2024-11-21 11:01 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282788
|
5.5 |
MEDIUM
Local
|
mcafee
|
change_control
application_control
|
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part …
|
CWE-284
Improper Access Control
|
CVE-2013-7460
|
2024-11-21 11:01 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282789
|
9.8 |
CRITICAL
Network
|
dlitz
fedoraproject
|
pycrypto
fedora
|
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7459
|
2024-11-21 11:01 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282790
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7454
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
