Total: 1838 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | ||||
CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | ||||
CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 9.8 Critical |
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | ||||
CVE-2014-4172 | 4 Apereo, Debian, Fedoraproject and 1 more | 6 .net Cas Client, Java Cas Client, Phpcas and 3 more | 2024-11-21 | 9.8 Critical |
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | ||||
CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | ||||
CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | N/A |
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | ||||
CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2024-11-21 | N/A |
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | ||||
CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | ||||
CVE-2014-10386 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | ||||
CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2024-11-21 | 9.8 Critical |
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | ||||
CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2024-11-21 | 9.8 Critical |
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | ||||
CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2024-11-21 | 9.8 Critical |
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | ||||
CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2024-11-21 | 9.8 Critical |
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | ||||
CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 5.3 Medium |
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | ||||
CVE-2013-7070 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 9.8 Critical |
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | ||||
CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2024-11-21 | 9.8 Critical |
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | ||||
CVE-2013-4318 | 1 Feature Project | 1 Feature | 2024-11-21 | 5.4 Medium |
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | ||||
CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2024-11-21 | 9.8 Critical |
There is an object injection vulnerability in the swfupload plugin for WordPress. | ||||
CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 8.8 High |
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | ||||
CVE-2013-3214 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 9.8 Critical |
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. |