Total
308304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2014-4660 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | |||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | |||||
| CVE-2014-4658 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | |||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |||||
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | |||||
| CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | |||||
| CVE-2014-4613 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | |||||
| CVE-2014-4612 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2014-4609 | 1 Libav | 1 Libav | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2014-4592 | 1 Czepol | 1 Wp-planet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4567 | 1 Videowhisper | 1 Video Comments Webcam Recorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2014-4561 | 1 Ultimate-weather Project | 1 Ultimate-weather | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-weather plugin 1.0 for WordPress has XSS | |||||
| CVE-2014-4559 | 1 Cybercompay | 1 Swipehq-payment-gateway-wp-e-commerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. | |||||
| CVE-2014-4558 | 1 Cybercompany | 1 Swipehq-payment-gateway-woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | |||||
| CVE-2014-4553 | 1 Spreadshirt-rss-3d-cube-flash-gallery Project | 1 Spreadshirt-rss-3d-cube-flash-gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2014-4550 | 1 Visualshortcodes | 1 Ninja | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | |||||
| CVE-2014-4548 | 1 Ruven-toolkit Project | 1 Ruven-toolkit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter. | |||||