| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm |
| The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. |
| gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. |
| PotPlayer 1.5.40688: .avi File Memory Corruption |
| Belkin n750 routers have a buffer overflow. |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. |
| OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| ClamAV before 0.97.7 has buffer overflow in the libclamav component |
| ClamAV before 0.97.7 has WWPack corrupt heap memory |
| Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. |
| Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure |
| D-Link DIR-100 4.03B07: cli.cgi XSS |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script |
