|
279391
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "d…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4659
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279392
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
|
CWE-200
Information Exposure
|
CVE-2014-4658
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279393
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
|
CWE-20
Improper Input Validation
|
CVE-2014-4657
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279394
|
9.8 |
CRITICAL
Network
|
redhat
debian
|
ansible
debian_linux
|
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability e…
|
CWE-74
Injection
|
CVE-2014-4678
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279395
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in op…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4660
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279396
|
9.8 |
CRITICAL
Network
|
apache
|
jclouds
|
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or …
|
CWE-20
Improper Input Validation
|
CVE-2014-4651
|
2024-11-21 11:10 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279397
|
8.8 |
HIGH
Network
|
oberhumer
|
lzo2
liblzo2
|
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-4607
|
2024-11-21 11:10 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279398
|
8.8 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows re…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-4610
|
2024-11-21 11:10 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279399
|
8.8 |
HIGH
Network
|
libav
|
libav
|
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-4609
|
2024-11-21 11:10 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279400
|
6.1 |
MEDIUM
Network
|
ultimate-weather_project
|
ultimate-weather
|
The ultimate-weather plugin 1.0 for WordPress has XSS
|
CWE-79
Cross-site Scripting
|
CVE-2014-4561
|
2024-11-21 11:10 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
