|
282271
|
- |
|
pivotal_software
|
rabbitmq
|
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9494
|
2024-11-21 11:21 |
2015-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282272
|
- |
|
illumos
|
illumos
|
The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecifi…
|
NVD-CWE-Other
|
CVE-2014-9491
|
2024-11-21 11:21 |
2015-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282273
|
- |
|
getsentry
|
raven-ruby
|
The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.
|
CWE-399
Resource Management Errors
|
CVE-2014-9490
|
2024-11-21 11:21 |
2015-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282274
|
- |
|
ffmpeg
canonical
|
ffmpeg
ubuntu_linux
|
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly h…
|
CWE-189
Numeric Errors
|
CVE-2014-9604
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282275
|
- |
|
ffmpeg
|
ffmpeg
|
The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a…
|
CWE-20
Improper Input Validation
|
CVE-2014-9603
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282276
|
- |
|
ffmpeg
|
ffmpeg
|
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a deni…
|
CWE-189
Numeric Errors
|
CVE-2014-9602
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282277
|
- |
|
python
oracle
fedoraproject
opensuse
|
pillow
solaris
fedora
opensuse
|
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
|
CWE-20
Improper Input Validation
|
CVE-2014-9601
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282278
|
- |
|
libsndfile_project
opensuse
debian
canonical
oracle
|
libsndfile
opensuse
debian_linux
ubuntu_linux
solaris
|
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
|
NVD-CWE-noinfo
|
CVE-2014-9496
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282279
|
- |
|
macroplant
|
iexplorer
|
Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll.
|
NVD-CWE-Other
|
CVE-2014-9600
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282280
|
- |
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9599
|
2024-11-21 11:21 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
