|
283351
|
- |
|
ovirt
|
ovirt
|
oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via scr…
|
CWE-200
Information Exposure
|
CVE-2014-0154
|
2024-11-21 11:01 |
2015-02-14 |
|
|
|
|
283352
|
- |
|
redhat
|
ovirt-engine
|
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a RE…
|
CWE-352
Origin Validation Error
|
CVE-2014-0151
|
2024-11-21 11:01 |
2015-02-14 |
|
|
|
|
283353
|
- |
|
oracle
|
fusion_middleware
|
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other pro…
|
NVD-CWE-noinfo
|
CVE-2014-0191
|
2024-11-21 11:01 |
2015-01-21 |
|
|
|
|
283354
|
- |
|
redhat odata4j_project
|
jboss_data_virtualization odata4j
|
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a…
|
NVD-CWE-Other
|
CVE-2014-0171
|
2024-11-21 11:01 |
2015-01-16 |
|
|
|
|
283355
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive informat…
|
CWE-200
Information Exposure
|
CVE-2014-0059
|
2024-11-21 11:01 |
2014-11-18 |
|
|
|
|
283356
|
- |
|
freerdp opensuse
|
freerdp opensuse
|
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress f…
|
CWE-189
Numeric Errors
|
CVE-2014-0250
|
2024-11-21 11:01 |
2014-11-17 |
|
|
|
|
283357
|
- |
|
apache
|
hive
|
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated use…
|
CWE-284
Improper Access Control
|
CVE-2014-0228
|
2024-11-21 11:01 |
2014-11-17 |
|
|
|
|
283358
|
- |
|
redhat
|
openshift
|
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr…
|
CWE-94
Code Injection
|
CVE-2014-0233
|
2024-11-21 11:01 |
2014-11-16 |
|
|
|
|
283359
|
- |
|
suse qemu
|
linux_enterprise_server qemu
|
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, whi…
|
CWE-189
Numeric Errors
|
CVE-2014-0223
|
2024-11-21 11:01 |
2014-11-5 |
|
|
|
|
283360
|
- |
|
suse qemu
|
linux_enterprise_server qemu
|
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
|
CWE-189
Numeric Errors
|
CVE-2014-0222
|
2024-11-21 11:01 |
2014-11-5 |
|
|
|