CVE-2014-8333 (compute, openstack)
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
[월:] 2014년 10월
CVE-2014-3708 (compute, openstack)
CVE-2014-3708 (compute, openstack)
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
CVE-2013-0334 (bundler, fedora, opensuse)
CVE-2013-0334 (bundler, fedora, opensuse)
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
CVE-2014-3694 (debian_linux, opensuse, pidgin, ubuntu_linux)
CVE-2014-3694 (debian_linux, opensuse, pidgin, ubuntu_linux)
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2014-3694 (debian_linux, opensuse, pidgin, ubuntu_linux)
CVE-2014-3409 (ios, ios_xe)
CVE-2014-3409 (ios, ios_xe)
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.
Source: CVE-2014-3409 (ios, ios_xe)
CVE-2014-5026 (cacti, debian_linux, opensuse)
CVE-2014-5026 (cacti, debian_linux, opensuse)
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.
CVE-2014-6555 (mariadb, mysql, solaris)
CVE-2014-6555 (mariadb, mysql, solaris)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
CVE-2014-6507 (mariadb, mysql, solaris)
CVE-2014-6507 (mariadb, mysql, solaris)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
CVE-2014-6464 (mariadb, mysql, solaris)
CVE-2014-6464 (mariadb, mysql, solaris)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
CVE-2014-6469 (mariadb, mysql, solaris)
CVE-2014-6469 (mariadb, mysql, solaris)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.