Vulnerabilities (CVE)

Total 27305 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4678 2 Debian, Redhat 2 Debian Linux, Ansible 2024-11-21 7.5 HIGH 9.8 CRITICAL
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
CVE-2014-4657 1 Redhat 1 Ansible 2024-11-21 7.5 HIGH 9.8 CRITICAL
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
CVE-2014-4651 1 Apache 1 Jclouds 2024-11-21 7.5 HIGH 9.8 CRITICAL
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
CVE-2014-4650 2 Python, Redhat 3 Python, Enterprise Linux, Software Collections 2024-11-21 7.5 HIGH 9.8 CRITICAL
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
CVE-2014-4198 1 Bssys 1 Rbs Bs-client. Retail Client 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
CVE-2014-4172 3 Apereo, Debian, Fedoraproject 5 .net Cas Client, Java Cas Client, Phpcas and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
CVE-2014-4170 1 Freereprintables 1 Articlefr 2024-11-21 7.5 HIGH 9.8 CRITICAL
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
CVE-2014-3990 1 Opencart 1 Opencart 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
CVE-2014-3919 1 Netgear 2 Cg3100, Cg3100 Firmware 2024-11-21 4.3 MEDIUM 9.3 CRITICAL
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
CVE-2014-3879 1 Freebsd 1 Freebsd 2024-11-21 7.5 HIGH 9.8 CRITICAL
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
CVE-2014-3719 1 Exlibrisgroup 1 Aleph 500 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
CVE-2014-3700 1 Redhat 2 Edeploy, Jboss Enterprise Web Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
CVE-2014-3699 1 Redhat 2 Edeploy, Jboss Enterprise Web Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
eDeploy has RCE via cPickle deserialization of untrusted data
CVE-2014-3622 1 Php 1 Php 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
CVE-2014-3585 1 Redhat 2 Enterprise Linux, Redhat-upgrade-tool 2024-11-21 10.0 HIGH 9.8 CRITICAL
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
CVE-2014-3539 1 Rope Project 1 Rope 2024-11-21 7.5 HIGH 9.8 CRITICAL
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
CVE-2014-3484 1 Musl-libc 1 Musl 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
CVE-2014-3449 1 Bss Continuity Cms Project 1 Bss Continuty Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability
CVE-2014-3448 1 Bss Continuity Cms Project 1 Bss Continuty Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload
CVE-2014-3445 1 Handsomeweb 1 Sos Webpages 2024-11-21 7.5 HIGH 9.8 CRITICAL
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.