|
283461
|
- |
|
apache
|
struts
|
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0113
|
2024-11-21 11:01 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283462
|
- |
|
apache
|
struts
|
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0112
|
2024-11-21 11:01 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283463
|
- |
|
openstack
canonical
opensuse
|
neutron
ubuntu_linux
opensuse
|
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0187
|
2024-11-21 11:01 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283464
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (cra…
|
CWE-20
Improper Input Validation
|
CVE-2014-0079
|
2024-11-21 11:01 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283465
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointe…
|
CWE-20
Improper Input Validation
|
CVE-2014-0037
|
2024-11-21 11:01 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283466
|
- |
|
openstack
|
image_registry_and_delivery_service_\(glance\)
icehouse
|
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or m…
|
CWE-20
Improper Input Validation
|
CVE-2014-0162
|
2024-11-21 11:01 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283467
|
- |
|
linux
redhat
suse
opensuse
|
linux_kernel
enterprise_linux_server
linux_enterprise_server
evergreen
linux_enterprise_real_time_extension
enterprise_linux_desktop
suse_linux_enterprise_server
|
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intend…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0181
|
2024-11-21 11:01 |
2014-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283468
|
- |
|
pocoproject
|
poco_c\+\+_libraries
|
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are r…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0350
|
2024-11-21 11:01 |
2014-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283469
|
- |
|
redhat
|
openshift
|
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers …
|
CWE-287
Improper Authentication
|
CVE-2014-0188
|
2024-11-21 11:01 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283470
|
- |
|
automattic
|
jetpack
|
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0173
|
2024-11-21 11:01 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
