|
283631
|
6.1 |
MEDIUM
Network
|
redhat
|
satellite
|
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0141
|
2024-11-21 11:01 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283632
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-0146
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283633
|
7.8 |
HIGH
Local
|
qemu
|
qemu
|
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_sn…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0145
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283634
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel…
|
CWE-369
Divide By Zero
|
CVE-2014-0142
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283635
|
7.0 |
HIGH
Local
|
redhat
qemu
|
enterprise_linux
qemu
|
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-0143
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283636
|
8.8 |
HIGH
Network
|
pivotal_software
vmware
|
spring_framework
|
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references…
|
CWE-611
XXE
|
CVE-2014-0225
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283637
|
7.3 |
HIGH
Network
|
vmware
|
spring_security
|
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic…
|
CWE-287
Improper Authentication
|
CVE-2014-0097
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283638
|
7.5 |
HIGH
Network
|
aescrypt_project
|
aescrypt
|
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms vi…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2013-7463
|
2024-11-21 11:01 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283639
|
7.5 |
HIGH
Network
|
pulpproject
|
pulp
|
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
|
CWE-295
Improper Certificate Validation
|
CVE-2013-7450
|
2024-11-21 11:01 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283640
|
6.5 |
MEDIUM
Network
|
cloudera
apache
|
cdh
hadoop
|
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0229
|
2024-11-21 11:01 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
