|
280321
|
- |
|
f5
|
nginx
|
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-i…
|
CWE-77
Command Injection
|
CVE-2014-3556
|
2024-11-21 11:08 |
2014-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280322
|
- |
|
openssl
|
openssl
|
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denia…
|
NVD-CWE-Other
|
CVE-2014-3569
|
2024-11-21 11:08 |
2014-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280323
|
- |
|
cisco
|
adaptive_security_appliance_software
|
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and the…
|
CWE-200
Information Exposure
|
CVE-2014-3410
|
2024-11-21 11:08 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280324
|
- |
|
redhat
apache
debian
apple
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server_eus
enterprise_linux_server
enterprise_linux_hpc_node
subversion
debian_linux
xcode
|
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server cra…
|
NVD-CWE-Other
|
CVE-2014-3580
|
2024-11-21 11:08 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280325
|
- |
|
apple
apache
canonical
|
mac_os_x
os_x_server
http_server
ubuntu_linux
|
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3583
|
2024-11-21 11:08 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280326
|
- |
|
vmware
|
vcenter_server_appliance
|
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3797
|
2024-11-21 11:08 |
2014-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280327
|
- |
|
f5
debian
|
nginx
debian_linux
|
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote at…
|
CWE-613
Insufficient Session Expiration
|
CVE-2014-3616
|
2024-11-21 11:08 |
2014-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280328
|
- |
|
apache
|
hadoop
|
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to…
|
CWE-59
Link Following
|
CVE-2014-3627
|
2024-11-21 11:08 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280329
|
- |
|
redhat
|
enterprise_virtualization
|
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive…
|
CWE-200
Information Exposure
|
CVE-2014-3561
|
2024-11-21 11:08 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280330
|
- |
|
redhat
|
packstack
|
OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3703
|
2024-11-21 11:08 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
