Total
1786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2017-5246 | 1 Biscom | 1 Secure File Transfer | 2020-02-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028. | |||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2020-02-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
| CVE-2020-8800 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | |||||
| CVE-2020-5216 | 1 Twitter | 1 Secure Headers | 2020-02-18 | 5.0 MEDIUM | 5.8 MEDIUM |
| In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. | |||||
| CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
| CVE-2014-5083 | 1 Sphider | 1 Sphider | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
| CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | |||||
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2020-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2020-5230 | 1 Apereo | 1 Opencast | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | |||||
| CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2020-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2020-8093 | 1 Bitdefender | 1 Antivirus | 2020-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2020-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | |||||
| CVE-2020-5219 | 1 Peerigon | 1 Angular-expressions | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | |||||