CVE-2014-9757CVE-2014-9757

Affected configuration(s):

cpe:/a:atlassian:bamboo:2.4
cpe:/a:atlassian:bamboo:2.4.1
cpe:/a:atlassian:bamboo:2.4.2
cpe:/a:atlassian:bamboo:2.4.3
cpe:/a:atlassian:bamboo:2.5
cpe:/a:atlassian:bamboo:2.5.1
cpe:/a:atlassian:bamboo:2.5.2
cpe:/a:atlassian:bamboo:2.5.3
cpe:/a:atlassian:bamboo:2.5.5
cpe:/a:atlassian:bamboo:2.6
cpe:/a:atlassian:bamboo:2.6.1
cpe:/a:atlassian:bamboo:2.6.2
cpe:/a:atlassian:bamboo:2.6.3
cpe:/a:atlassian:bamboo:2.7
cpe:/a:atlassian:bamboo:2.7.1
cpe:/a:atlassian:bamboo:2.7.2
cpe:/a:atlassian:bamboo:2.7.3
cpe:/a:atlassian:bamboo:2.7.4
cpe:/a:atlassian:bamboo:3.0
cpe:/a:atlassian:bamboo:3.0.1
cpe:/a:atlassian:bamboo:3.0.2
cpe:/a:atlassian:bamboo:3.0.3
cpe:/a:atlassian:bamboo:3.1
cpe:/a:atlassian:bamboo:3.1.1
cpe:/a:atlassian:bamboo:3.1.3
cpe:/a:atlassian:bamboo:3.1.4
cpe:/a:atlassian:bamboo:3.2
cpe:/a:atlassian:bamboo:3.2.2
cpe:/a:atlassian:bamboo:3.3
cpe:/a:atlassian:bamboo:3.3.1
cpe:/a:atlassian:bamboo:3.3.2
cpe:/a:atlassian:bamboo:3.3.3
cpe:/a:atlassian:bamboo:3.3.4
cpe:/a:atlassian:bamboo:3.4
cpe:/a:atlassian:bamboo:3.4.1
cpe:/a:atlassian:bamboo:3.4.2
cpe:/a:atlassian:bamboo:3.4.3
cpe:/a:atlassian:bamboo:3.4.4
cpe:/a:atlassian:bamboo:3.4.5
cpe:/a:atlassian:bamboo:4.0
cpe:/a:atlassian:bamboo:4.0.1
cpe:/a:atlassian:bamboo:4.1
cpe:/a:atlassian:bamboo:4.1.1
cpe:/a:atlassian:bamboo:4.1.2
cpe:/a:atlassian:bamboo:4.2
cpe:/a:atlassian:bamboo:4.2.1
cpe:/a:atlassian:bamboo:4.3
cpe:/a:atlassian:bamboo:4.3.1
cpe:/a:atlassian:bamboo:4.3.2
cpe:/a:atlassian:bamboo:4.3.3
cpe:/a:atlassian:bamboo:4.3.4
cpe:/a:atlassian:bamboo:4.4
cpe:/a:atlassian:bamboo:4.4.1
cpe:/a:atlassian:bamboo:4.4.2
cpe:/a:atlassian:bamboo:4.4.3
cpe:/a:atlassian:bamboo:4.4.4
cpe:/a:atlassian:bamboo:4.4.5
cpe:/a:atlassian:bamboo:4.4.8
cpe:/a:atlassian:bamboo:5.0
cpe:/a:atlassian:bamboo:5.0:beta1
cpe:/a:atlassian:bamboo:5.0:beta2
cpe:/a:atlassian:bamboo:5.0:beta3
cpe:/a:atlassian:bamboo:5.0:rc1
cpe:/a:atlassian:bamboo:5.0.1
cpe:/a:atlassian:bamboo:5.1
cpe:/a:atlassian:bamboo:5.1.1
cpe:/a:atlassian:bamboo:5.2
cpe:/a:atlassian:bamboo:5.2.1
cpe:/a:atlassian:bamboo:5.2.2
cpe:/a:atlassian:bamboo:5.3
cpe:/a:atlassian:bamboo:5.4
cpe:/a:atlassian:bamboo:5.4.1
cpe:/a:atlassian:bamboo:5.4.2
cpe:/a:atlassian:bamboo:5.5
cpe:/a:atlassian:bamboo:5.6
cpe:/a:atlassian:bamboo:5.6.1
cpe:/a:atlassian:bamboo:5.6.2
cpe:/a:atlassian:bamboo:5.7
cpe:/a:atlassian:bamboo:5.7.1
cpe:/a:atlassian:bamboo:5.7.2
cpe:/a:atlassian:bamboo:5.8
cpe:/a:atlassian:bamboo:5.8.1
cpe:/a:atlassian:bamboo:5.8.2
cpe:/a:atlassian:bamboo:5.8.5
cpe:/a:atlassian:bamboo:5.9
cpe:/a:atlassian:bamboo:5.9.1
cpe:/a:atlassian:bamboo:5.9.2
cpe:/a:atlassian:bamboo:5.9.3
cpe:/a:atlassian:bamboo:5.9.4
cpe:/a:atlassian:bamboo:5.9.7

Date published: 2016-02-08T14:59:00.127-05:00

Date last modified: 2016-02-19T09:23:09.973-05:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html

Summary: The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

CVE-2014-6268CVE-2014-6268

Affected configuration(s):

cpe:/o:xen:xen:4.4.0
cpe:/o:xen:xen:4.4.0:rc1
cpe:/o:xen:xen:4.4.1

Date published: 2015-01-12T10:59:02.443-05:00

Date last modified: 2017-09-07T21:29:13.433-04:00

CVSS Score: 4.9

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://www.securityfocus.com/bid/69753

Summary: The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.