| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| Monkey HTTP Daemon: broken user name authentication |
| The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. |
| WordPress plugin wp-cleanfix has Remote Code Execution |
| WordPress WP Cleanfix Plugin 2.4.4 has CSRF |
| webauth before 4.6.1 has authentication credential disclosure |
| OpenShift cartridge allows remote URL retrieval |
| Katello has multiple XSS issues in various entities |
| ZPanel through 10.1.0 has Remote Command Execution |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. |
| SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. |
| Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. |
| YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability |
| Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. |
| OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. |
