|
277531
|
- |
|
bassmaster_project
|
bassmaster
|
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitra…
|
CWE-94
Code Injection
|
CVE-2014-7205
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277532
|
- |
|
python
apple
|
python
mac_os_x
|
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
|
CWE-189
Numeric Errors
|
CVE-2014-7185
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277533
|
- |
|
arubanetworks
|
arubaos
|
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain …
|
NVD-CWE-noinfo
|
CVE-2014-7299
|
2024-11-21 11:16 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277534
|
- |
|
getmail
|
getmail
|
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensiti…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7275
|
2024-11-21 11:16 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277535
|
- |
|
getmail
|
getmail
|
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7274
|
2024-11-21 11:16 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277536
|
- |
|
getmail
|
getmail
|
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensiti…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7273
|
2024-11-21 11:16 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277537
|
- |
|
mediawiki
|
mediawiki
|
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripti…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7295
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277538
|
- |
|
freepbx
sangoma
|
freepbx
|
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary c…
|
CWE-94
Code Injection
|
CVE-2014-7235
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277539
|
- |
|
canonical
debian
mageia
|
ubuntu_linux
debian_linux
exuberant_ctags
mageia
|
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
|
CWE-399
Resource Management Errors
|
CVE-2014-7204
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277540
|
- |
|
golang
|
go
|
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7189
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
