| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
| RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability |
| WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities |
| gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. |
| The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. |
| CloudForms stores user passwords in recoverable format |
| slim has NULL pointer dereference when using crypt() method from glibc 2.17 |
| Review Board: URL processing gives unauthorized users access to review lists |
| ReviewBoard: has an access-control problem in REST API |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| Simple Machines Forum (SMF) through 2.0.5 has XSS |
| An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. |
| The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
| opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities |
