| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. |
| Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. |
| openstack-utils openstack-db has insecure password creation |
| The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. |
| The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities |
| The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. |
| IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. |
| Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. |
| Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. |
| A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image. |
| Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action |
| Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability |
