|
280961
|
- |
|
pandasecurity
|
panda_av_pro_2014
panda_internet_security_2014
panda_global_protection_2014
|
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5307
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280962
|
- |
|
qemu
|
qemu
|
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5263
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280963
|
- |
|
opendaylight
|
opendaylight
|
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, rel…
|
NVD-CWE-Other
|
CVE-2014-5035
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280964
|
- |
|
innovaphone
|
innovaphone_pbx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify con…
|
CWE-352
Origin Validation Error
|
CVE-2014-5335
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280965
|
- |
|
openstack
canonical
|
image_registry_and_delivery_service_\(glance\)
ubuntu_linux
|
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5356
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280966
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
|
CWE-255
Credentials Management
|
CVE-2014-5253
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280967
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
|
CWE-255
Credentials Management
|
CVE-2014-5252
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280968
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
|
CWE-255
Credentials Management
|
CVE-2014-5251
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280969
|
- |
|
php
|
php
|
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via …
|
CWE-20
Improper Input Validation
|
CVE-2014-5120
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280970
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2014-5243
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
