|
280281
|
6.7 |
MEDIUM
Local
|
gdata-software
|
totalprotection
|
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3752
|
2024-11-21 11:08 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280282
|
6.5 |
MEDIUM
Local
|
openvz
|
vzkernel
|
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH cap…
|
CWE-284
Improper Access Control
|
CVE-2014-3519
|
2024-11-21 11:08 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280283
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virti…
|
CWE-416
Use After Free
|
CVE-2014-3471
|
2024-11-21 11:08 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280284
|
5.9 |
MEDIUM
Network
|
ldaptive
|
ldaptive
vt-ldap
|
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which …
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3607
|
2024-11-21 11:08 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280285
|
9.8 |
CRITICAL
Network
|
playframework
lightbend
|
play_framework
|
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of se…
|
CWE-611
XXE
|
CVE-2014-3630
|
2024-11-21 11:08 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280286
|
7.5 |
HIGH
Network
|
keycloak
|
keycloak
|
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-3651
|
2024-11-21 11:08 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280287
|
9.8 |
CRITICAL
Network
|
apache
|
traffic_server
|
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
|
CWE-284
Improper Access Control
|
CVE-2014-3624
|
2024-11-21 11:08 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280288
|
7.5 |
HIGH
Network
|
apache
|
wicket
|
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temp…
|
CWE-200
Information Exposure
|
CVE-2014-3526
|
2024-11-21 11:08 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280289
|
9.8 |
CRITICAL
Network
|
apache
|
activemq
|
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messag…
|
CWE-611
XXE
|
CVE-2014-3600
|
2024-11-21 11:08 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280290
|
9.8 |
CRITICAL
Network
|
apache
|
activemq_apollo
|
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML …
|
CWE-611
XXE
|
CVE-2014-3579
|
2024-11-21 11:08 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
