|
279451
|
5.9 |
MEDIUM
Network
|
shibboleth
|
identity_provider opensaml_java
|
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain …
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2014-3603
|
2024-11-21 11:08 |
2019-04-4 |
|
279452
|
9.8 |
CRITICAL
Network
|
rope_project
|
rope
|
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
|
NVD-CWE-noinfo
|
CVE-2014-3539
|
2024-11-21 11:08 |
2018-04-7 |
|
279453
|
9.8 |
CRITICAL
Network
|
juniper
|
junos_space
|
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-3413
|
2024-11-21 11:08 |
2018-04-6 |
|
279454
|
7.5 |
HIGH
Network
|
grails
|
resources
|
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal t…
|
CWE-22
Path Traversal
|
CVE-2014-3626
|
2024-11-21 11:08 |
2018-03-19 |
|
279455
|
6.7 |
MEDIUM
Local
|
gdata-software
|
totalprotection
|
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3752
|
2024-11-21 11:08 |
2018-02-2 |
|
279456
|
6.5 |
MEDIUM
Local
|
openvz
|
vzkernel
|
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH cap…
|
CWE-284
Improper Access Control
|
CVE-2014-3519
|
2024-11-21 11:08 |
2018-02-2 |
|
279457
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virti…
|
CWE-416
Use After Free
|
CVE-2014-3471
|
2024-11-21 11:08 |
2018-01-13 |
|
279458
|
5.9 |
MEDIUM
Network
|
ldaptive
|
ldaptive vt-ldap
|
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which …
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3607
|
2024-11-21 11:08 |
2018-01-9 |
|
279459
|
9.8 |
CRITICAL
Network
|
playframework lightbend
|
play_framework
|
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of se…
|
CWE-611
XXE
|
CVE-2014-3630
|
2024-11-21 11:08 |
2017-12-30 |
|
279460
|
7.5 |
HIGH
Network
|
keycloak
|
keycloak
|
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-3651
|
2024-11-21 11:08 |
2017-12-30 |
|