厂商或团体 redhat 的搜索结果 (1609)

CVE-2014-0120(发布:2017-12-29 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

CVE-2014-0121(发布:2017-12-29 17:29:00)NM
CVSS7.5

[原文]The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

CVE-2014-8119(发布:2017-12-29 17:29:00)NMP
CVSS5.0

[原文]The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

CVE-2016-3695(发布:2017-12-29 10:29:00)NMS
CVSS2.1

[原文]The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

CVE-2013-6465(发布:2017-12-19 14:29:00)NMS
CVSS3.5

[原文]Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.

CVE-2014-3250(发布:2017-12-11 12:29:00)NM
CVSS4.0

[原文]The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

12345678下一页尾页 第1页 / 共269页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站