|
283631
|
- |
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3653
|
2024-11-21 11:08 |
2015-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283632
|
- |
|
opensuse
python
|
opensuse
pillow
|
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
|
CWE-399
Resource Management Errors
|
CVE-2014-3598
|
2024-11-21 11:08 |
2015-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283633
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-h…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3586
|
2024-11-21 11:08 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283634
|
- |
|
opensuse
gluster
|
opensuse
glusterfs
|
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
|
CWE-399
Resource Management Errors
|
CVE-2014-3619
|
2024-11-21 11:08 |
2015-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283635
|
- |
|
redhat
theforeman
|
openstack
foreman
|
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and …
|
CWE-310
Cryptographic Issues
|
CVE-2014-3691
|
2024-11-21 11:08 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283636
|
- |
|
redhat
|
jbpm-designer
|
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read ar…
|
NVD-CWE-Other
|
CVE-2014-3682
|
2024-11-21 11:08 |
2015-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283637
|
- |
|
pivotal_software
|
spring_framework
|
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2014-3578
|
2024-11-21 11:08 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283638
|
- |
|
broadcom
symantec
|
symantec_critical_system_protection
data_center_security
|
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a…
|
CWE-20
Improper Input Validation
|
CVE-2014-3440
|
2024-11-21 11:08 |
2015-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283639
|
- |
|
redhat
|
cloudforms_3.1_management_engine
|
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at…
|
CWE-255
Credentials Management
|
CVE-2014-3692
|
2024-11-21 11:08 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283640
|
- |
|
openssl
|
openssl
|
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigge…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3572
|
2024-11-21 11:08 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
