|
291491
|
- |
|
pnp4nagios
|
pnp4nagios
|
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4908
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291492
|
- |
|
op5
pnp4nagios
|
monitor
pnp4nagios
|
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4907
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291493
|
9.8 |
CRITICAL
Network
|
python
redhat
|
python
enterprise_linux
software_collections
|
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct…
|
CWE-22
Path Traversal
|
CVE-2014-4650
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291494
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "d…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4659
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291495
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
|
CWE-200
Information Exposure
|
CVE-2014-4658
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291496
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
|
CWE-20
Improper Input Validation
|
CVE-2014-4657
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291497
|
9.8 |
CRITICAL
Network
|
redhat
debian
|
ansible
debian_linux
|
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability e…
|
CWE-74
Injection
|
CVE-2014-4678
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291498
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in op…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4660
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291499
|
9.8 |
CRITICAL
Network
|
apache
|
jclouds
|
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or …
|
CWE-20
Improper Input Validation
|
CVE-2014-4651
|
2024-11-21 11:10 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291500
|
8.8 |
HIGH
Network
|
oberhumer
|
lzo2
liblzo2
|
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-4607
|
2024-11-21 11:10 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
