|
283361
|
- |
|
qemu
|
qemu
|
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0182
|
2024-11-21 11:01 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283362
|
- |
|
openstack
|
keystone
|
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges th…
|
CWE-269
Improper Privilege Management
|
CVE-2014-0204
|
2024-11-21 11:01 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283363
|
- |
|
redhat
|
cloudforms_3.0_management_engine
|
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2014-0136
|
2024-11-21 11:01 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283364
|
- |
|
jolokia
|
jolokia
|
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
|
CWE-352
Origin Validation Error
|
CVE-2014-0168
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283365
|
- |
|
redhat
|
cloudforms_3.0.5_management_engine
cloudforms_3.0.4_management_engine
cloudforms_3.0.3_management_engine
cloudforms_3.0.2_management_engine
cloudforms_3.0.1_management_engine
cloudform…
|
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0140
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283366
|
- |
|
apache
|
shiro
|
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
|
CWE-287
Improper Authentication
|
CVE-2014-0074
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283367
|
- |
|
redhat
jboss
|
jboss_data_virtualization
teiid
|
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
|
NVD-CWE-Other
|
CVE-2014-0170
|
2024-11-21 11:01 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283368
|
- |
|
linux
|
linux_kernel
|
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0205
|
2024-11-21 11:01 |
2014-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283369
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0351
|
2024-11-21 11:01 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283370
|
- |
|
ovirt
|
ovirt
|
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
|
CWE-200
Information Exposure
|
CVE-2014-0153
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
