|
283311
|
9.8 |
CRITICAL
Network
|
apache
|
roller
|
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
|
CWE-611
XXE
|
CVE-2014-0030
|
2024-11-21 11:01 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283312
|
7.8 |
HIGH
Local
|
docker
|
docker
|
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
|
NVD-CWE-noinfo
|
CVE-2014-0047
|
2024-11-21 11:01 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283313
|
5.3 |
MEDIUM
Network
|
apache
|
wicket
|
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a thi…
|
CWE-200
Information Exposure
|
CVE-2014-0043
|
2024-11-21 11:01 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283314
|
6.1 |
MEDIUM
Network
|
redhat
|
satellite
|
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0141
|
2024-11-21 11:01 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283315
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-0146
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283316
|
7.8 |
HIGH
Local
|
qemu
|
qemu
|
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_sn…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0145
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283317
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel…
|
CWE-369
Divide By Zero
|
CVE-2014-0142
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283318
|
7.0 |
HIGH
Local
|
redhat
qemu
|
enterprise_linux
qemu
|
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-0143
|
2024-11-21 11:01 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283319
|
8.8 |
HIGH
Network
|
pivotal_software
vmware
|
spring_framework
|
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references…
|
CWE-611
XXE
|
CVE-2014-0225
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283320
|
7.3 |
HIGH
Network
|
vmware
|
spring_security
|
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic…
|
CWE-287
Improper Authentication
|
CVE-2014-0097
|
2024-11-21 11:01 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
