| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. |
| Orca has arbitrary code execution due to insecure Python module load |
| Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. |
| The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. |
| mysecureshell 1.31: Local Information Disclosure Vulnerability |
| The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. |
| There is an object injection vulnerability in swfupload plugin for wordpress. |
| Cryptocat has an Unspecified Chat Participant User List Disclosure |
| Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure |
| Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input |
| Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness |
| Cryptocat before 2.0.22 has Remote Denial of Service via username |
| Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. |
| The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. |
| evince is missing a check on number of pages which can lead to a segmentation fault |
| The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. |
| The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. |
