|
280401
|
- |
|
redhat
|
enterprise_virtualization_manager
|
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or…
|
CWE-20
Improper Input Validation
|
CVE-2014-3573
|
2024-11-21 11:08 |
2014-10-18 |
|
280402
|
- |
|
jenkins redhat
|
jenkins openshift
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
|
CWE-200
Information Exposure
|
CVE-2014-3680
|
2024-11-21 11:08 |
2014-10-17 |
|
280403
|
- |
|
jenkins-ci
|
monitoring_plugin
|
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
|
NVD-CWE-noinfo
|
CVE-2014-3679
|
2024-11-21 11:08 |
2014-10-17 |
|
280404
|
- |
|
redhat jenkins
|
openshift jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information …
|
CWE-200
Information Exposure
|
CVE-2014-3667
|
2024-11-21 11:08 |
2014-10-17 |
|
280405
|
- |
|
redhat jenkins
|
openshift jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
|
CWE-94
Code Injection
|
CVE-2014-3666
|
2024-11-21 11:08 |
2014-10-17 |
|
280406
|
- |
|
jenkins redhat
|
jenkins openshift
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified ve…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3663
|
2024-11-21 11:08 |
2014-10-17 |
|
280407
|
- |
|
jenkins redhat
|
jenkins openshift
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
|
CWE-200
Information Exposure
|
CVE-2014-3662
|
2024-11-21 11:08 |
2014-10-17 |
|
280408
|
- |
|
redhat jenkins
|
openshift jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
|
CWE-399
Resource Management Errors
|
CVE-2014-3661
|
2024-11-21 11:08 |
2014-10-17 |
|
280409
|
- |
|
drupal debian
|
drupal debian_linux
|
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att…
|
CWE-89
SQL Injection
|
CVE-2014-3704
|
2024-11-21 11:08 |
2014-10-16 |
|
280410
|
- |
|
w1.fi debian canonical
|
hostapd wpa_supplicant debian_linux ubuntu_linux
|
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via …
|
CWE-20
Improper Input Validation
|
CVE-2014-3686
|
2024-11-21 11:08 |
2014-10-16 |