| CVE | Vendors | Products | Updated | CVSS v3.1 |
| IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128. |
| Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or HTML via the easyxdm.swf file. |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks. |
| Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open, which leads to unauthenticated access. |
| Evernote prior to 5.5.1 has insecure password change |
| LastPass prior to 2.5.1 allows secure wipe bypass. |
| LastPass prior to 2.5.1 has an insecure PIN implementation. |
| Evernote before 5.5.1 has insecure PIN storage |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| Collabtive 1.0 has incorrect access control |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream |
| AVTECH AVN801 DVR has a security bypass via the administration login captcha |
| Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |
| The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. |
| Karotz API 12.07.19.00: Session Token Information Disclosure |
| Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking |
| Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. |
| MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. |