Filtered by CWE-20
Total 12560 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-4657 1 Redhat 1 Ansible 2024-11-21 9.8 Critical
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
CVE-2014-4651 2 Apache, Redhat 2 Jclouds, Jboss Fuse 2024-11-21 9.8 Critical
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
CVE-2014-3798 1 Citrix 1 Xenserver 2024-11-21 N/A
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
CVE-2014-3206 1 Seagate 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more 2024-11-21 N/A
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
CVE-2014-2914 1 Fishshell 1 Fish 2024-11-21 9.8 Critical
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.
CVE-2014-2304 1 Projectfloodlight 1 Open Sdn Controller 2024-11-21 7.5 High
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.
CVE-2014-2271 2 Huawei, Wps 3 P2-6011, P2-6011 Firmware, Wps Office 2024-11-21 8.1 High
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.
CVE-2014-2032 2 Deadwood Project, Maradns Project 2 Deadwood, Maradns 2024-11-21 N/A
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.
CVE-2014-1937 1 Gamera Project 1 Gamera 2024-11-21 7.5 High
Gamera before 3.4.1 insecurely creates temporary files.
CVE-2014-1936 2 Debian, Rc Project 2 Debian Linux, Rc 2024-11-21 7.5 High
rc before 1.7.1-5 insecurely creates temporary files.
CVE-2014-1935 2 9base Project, Debian 2 9base, Debian Linux 2024-11-21 5.3 Medium
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.
CVE-2014-1858 1 Numpy 1 Numpy 2024-11-21 N/A
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-1426 1 Canonical 1 Metal As A Service 2024-11-21 N/A
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
CVE-2014-10384 1 Memphis Documents Library Project 1 Memphis Documents Library 2024-11-21 N/A
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.
CVE-2014-10383 1 Memphis Documents Library Project 1 Memphis Documents Library 2024-11-21 N/A
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.
CVE-2014-10077 2 Debian, I18n Project 2 Debian Linux, I18n 2024-11-21 N/A
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
CVE-2014-10051 1 Qualcomm 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more 2024-11-21 N/A
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines.
CVE-2014-0900 1 Google 1 Android 2024-11-21 N/A
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
CVE-2014-0593 1 Opensuse 1 Open Build Service 2024-11-21 N/A
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.
CVE-2014-0486 1 Nic 1 Knot Cms 2024-11-21 N/A
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.