|
279501
|
- |
|
f5
debian
|
nginx
debian_linux
|
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote at…
|
CWE-613
Insufficient Session Expiration
|
CVE-2014-3616
|
2024-11-21 11:08 |
2014-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279502
|
- |
|
apache
|
hadoop
|
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to…
|
CWE-59
Link Following
|
CVE-2014-3627
|
2024-11-21 11:08 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279503
|
- |
|
redhat
|
enterprise_virtualization
|
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive…
|
CWE-200
Information Exposure
|
CVE-2014-3561
|
2024-11-21 11:08 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279504
|
- |
|
redhat
|
packstack
|
OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3703
|
2024-11-21 11:08 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279505
|
- |
|
linux
|
linux_kernel
|
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output q…
|
CWE-399
Resource Management Errors
|
CVE-2014-3688
|
2024-11-21 11:08 |
2014-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279506
|
- |
|
cisco
|
adaptive_security_appliance_software
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-3407
|
2024-11-21 11:08 |
2014-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279507
|
- |
|
pivotal_software
vmware
|
spring_framework
|
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspeci…
|
CWE-22
Path Traversal
|
CVE-2014-3625
|
2024-11-21 11:08 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279508
|
- |
|
haxx
apple
|
curl
libcurl
mac_os_x
|
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
|
CWE-310
Cryptographic Issues
|
CVE-2014-3620
|
2024-11-21 11:08 |
2014-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279509
|
- |
|
haxx
apple
|
curl
libcurl
mac_os_x
|
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrat…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3613
|
2024-11-21 11:08 |
2014-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279510
|
- |
|
apache
|
qpid
|
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
|
CWE-19
Data Processing Errors
|
CVE-2014-3629
|
2024-11-21 11:08 |
2014-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
