|
290251
|
- |
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information …
|
CWE-200
Information Exposure
|
CVE-2014-3667
|
2024-11-21 11:08 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290252
|
- |
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
|
CWE-94
Code Injection
|
CVE-2014-3666
|
2024-11-21 11:08 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290253
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified ve…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3663
|
2024-11-21 11:08 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290254
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
|
CWE-200
Information Exposure
|
CVE-2014-3662
|
2024-11-21 11:08 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290255
|
- |
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
|
CWE-399
Resource Management Errors
|
CVE-2014-3661
|
2024-11-21 11:08 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290256
|
- |
|
drupal
debian
|
drupal
debian_linux
|
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att…
|
CWE-89
SQL Injection
|
CVE-2014-3704
|
2024-11-21 11:08 |
2014-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290257
|
- |
|
w1.fi
debian
canonical
|
hostapd
wpa_supplicant
debian_linux
ubuntu_linux
|
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via …
|
CWE-20
Improper Input Validation
|
CVE-2014-3686
|
2024-11-21 11:08 |
2014-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290258
|
- |
|
redhat
jenkins
|
openshift
jenkins
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3681
|
2024-11-21 11:08 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290259
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-3664
|
2024-11-21 11:08 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290260
|
- |
|
scientificlinux
|
luci
|
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
|
CWE-94
Code Injection
|
CVE-2014-3593
|
2024-11-21 11:08 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
