|
282721
|
9.8 |
CRITICAL
Network
|
tigervnc
|
tigervnc
|
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vn…
|
CWE-787
Out-of-bounds Write
|
CVE-2014-0011
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282722
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7486
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282723
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7485
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282724
|
5.9 |
MEDIUM
Network
|
ovirt-engine-sdk-python_project
|
ovirt-engine-sdk-python
|
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a T…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0161
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282725
|
5.9 |
MEDIUM
Network
|
clusterlabs
|
fence-agents
|
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary S…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-0104
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282726
|
9.8 |
CRITICAL
Network
|
docker
apache
|
docker
geode
|
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
|
CWE-20
Improper Input Validation
|
CVE-2014-0048
|
2024-11-21 11:01 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282727
|
5.5 |
MEDIUM
Local
|
theforeman
redhat
|
hammer_cli
satellite
|
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-0241
|
2024-11-21 11:01 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282728
|
7.5 |
HIGH
Network
|
apache
|
qpid-cpp
|
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-0212
|
2024-11-21 11:01 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282729
|
8.8 |
HIGH
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
CFME: CSRF protection vulnerability via permissive check of the referrer header
|
CWE-352
Origin Validation Error
|
CVE-2014-0197
|
2024-11-21 11:01 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282730
|
9.8 |
CRITICAL
Network
|
puppet
redhat
debian
|
marionette_collective
openshift
debian_linux
|
mcollective has a default password set at install
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-0175
|
2024-11-21 11:01 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
