8222 matches found
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)
Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞,允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...
OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
CVE-2013-2461
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
CVE-2013-2461
CVE-2013-2461 is an unspecified vulnerability in the Java Runtime Environment components (Oracle JRE 7 Update 21 and earlier; JRockit/OpenJDK 7; and OpenJDK 7) enabling remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, with a specifi...
CVE-2013-2461
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
JBoss AS Administrative Console Password Disclosure
Product: Embedded Jopr - JBoss AS Administration Console Vendor: Red Hat Middleware, LLC Version: JBoss AS Resources Datasources 2. Select Datasource 3. View page source 4. Find input type="password" 5. "value=" will contain the database password. 6. Dump database. Vendor Notified: Yes Vendor...
CVE-2013-2380
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415...
CVE-2013-2390
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504...
CVE-2013-2393
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters...
Buffer overflow
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504...
Design/Logic Flaw
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415...
CVE-2013-2380
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415...
CVE-2013-2390
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504...
CVE-2013-2393
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters...
CVE-2013-2393
CVE-2013-2393 concerns an unspecified vulnerability in the Oracle Outside In Technology component used by Oracle Fusion Middleware versions 8.3.7 and 8.4.0, with impact stated as availability via issues related to Outside In Filters. The connected documents confirm this CVE is associated with Ora...
CVE-2013-2390
Technical details for CVE-2013-2390 are not publicly available in the provided connected documents; monitor for updates.
CVE-2013-2380
Technical details for CVE-2013-2380 are not provided in the supplied connected documents. No product/version specifics or remediation are included here; monitor official advisories for updates and confirmation of applicability.