|
282781
|
- |
|
amos_benari
|
rbovirt
|
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0036
|
2024-11-21 11:01 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282782
|
- |
|
oracle
mariadb
redhat
|
mysql
mariadb
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_eus
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
|
NVD-CWE-noinfo
|
CVE-2014-0384
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282783
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote att…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0053
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282784
|
- |
|
apache
oracle
|
xalan-java
webcenter_sites
|
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass exp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0107
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282785
|
- |
|
openstack
|
compute
icehouse
|
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0167
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282786
|
- |
|
openstack
opensuse
|
horizon
opensuse
|
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0157
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282787
|
- |
|
haxx
|
curl
libcurl
|
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, …
|
CWE-310
Cryptographic Issues
|
CVE-2014-0139
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282788
|
- |
|
haxx
debian
|
curl
libcurl
debian_linux
|
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, whic…
|
CWE-287
Improper Authentication
|
CVE-2014-0138
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282789
|
- |
|
openstack
|
python-keystoneclient
|
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authen…
|
CWE-255
Credentials Management
|
CVE-2014-0105
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282790
|
- |
|
xangati
|
xangati_software_release
xangati_xnr
|
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
|
CWE-78
OS Command
|
CVE-2014-0359
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
