|
283801
|
- |
|
apache
canonical
serf_project
|
subversion
ubuntu_linux
serf
|
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in t…
|
NVD-CWE-Other
|
CVE-2014-3504
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283802
|
- |
|
redhat
|
resteasy
jboss_enterprise_application_platform
|
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity…
|
NVD-CWE-Other
|
CVE-2014-3490
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283803
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3472
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283804
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3464
|
2024-11-21 11:08 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283805
|
- |
|
openssl
|
openssl
|
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3512
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283806
|
- |
|
openssl
|
openssl
|
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in comm…
|
NVD-CWE-noinfo
|
CVE-2014-3511
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283807
|
- |
|
openssl
|
openssl
|
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL poi…
|
NVD-CWE-Other
|
CVE-2014-3510
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283808
|
- |
|
openssl
|
openssl
|
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL …
|
CWE-362
Race Condition
|
CVE-2014-3509
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283809
|
- |
|
openssl
|
openssl
|
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' …
|
CWE-200
Information Exposure
|
CVE-2014-3508
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283810
|
- |
|
openssl
|
openssl
|
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumpt…
|
CWE-399
Resource Management Errors
|
CVE-2014-3507
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
