|
282041
|
- |
|
jenkins
|
jenkins
|
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveragi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3665
|
2024-11-21 11:08 |
2015-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282042
|
- |
|
apache
|
activemq
|
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with…
|
CWE-287
Improper Authentication
|
CVE-2014-3612
|
2024-11-21 11:08 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282043
|
7.5 |
HIGH
Network
|
apache
oracle
|
activemq
business_intelligence_publisher
fusion_middleware
|
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3576
|
2024-11-21 11:08 |
2015-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282044
|
- |
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3653
|
2024-11-21 11:08 |
2015-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282045
|
- |
|
opensuse
python
|
opensuse
pillow
|
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
|
CWE-399
Resource Management Errors
|
CVE-2014-3598
|
2024-11-21 11:08 |
2015-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282046
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-h…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3586
|
2024-11-21 11:08 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282047
|
- |
|
opensuse
gluster
|
opensuse
glusterfs
|
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
|
CWE-399
Resource Management Errors
|
CVE-2014-3619
|
2024-11-21 11:08 |
2015-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282048
|
- |
|
redhat
theforeman
|
openstack
foreman
|
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and …
|
CWE-310
Cryptographic Issues
|
CVE-2014-3691
|
2024-11-21 11:08 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282049
|
- |
|
redhat
|
jbpm-designer
|
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read ar…
|
NVD-CWE-Other
|
CVE-2014-3682
|
2024-11-21 11:08 |
2015-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282050
|
- |
|
pivotal_software
|
spring_framework
|
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2014-3578
|
2024-11-21 11:08 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
