5 matches found
CVE-2014-3699
CVE-2014-3699 affects the Linux configuration/update tool eDeploy . The vulnerability is a deserialization flaw: untrusted data deserialized via Python’s cPickle , leading to remote code execution. Public references in the documents consistently describe an RCE impact without detailing specific e...
CVE-2014-3701
CVE-2014-3701 describes a tmp file race condition in eDeploy. NVD lists CVSSv3.1 8.1 (Network, High, UI=None, Privileges=None, Scope=Unchanged) with high impact to confidentiality, integrity, and availability; CVSSv2 9.3 (Network, High) also indicates complete impact. Connected entries reiterate ...
CVE-2014-3702
CVE-2014-3702 describes a directory-traversal vulnerability in Red Hat eNovance eDeploy. A remote attacker can exploit the vulnerability by manipulating the session parameter with dots (..) to create arbitrary directories and files, causing a denial of service through resource consumption. The co...
CVE-2014-3700
CVE-2014-3700 relates to the eDeploy component, where remote code execution is possible due to the use of eval() on untrusted data. The available records describe this as a high/severity issue with RCE risk (NVD CVSS v2: 7.5 Partial Integrity/Partial Availability; v3.1: 9.8 Critical), indicating ...
CVE-2014-8174
CVE-2014-8174 relates to Red Hat eDeploy where an attacker can achieve remote code execution by abusing eDeploy’s handling of HTTP downloads. The linked sources explicitly describe eDeploy as a tool that facilitates remote code execution when files are downloaded over HTTP, enabling an attacker t...