| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in templates/summary.php. |
| PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. |
| Cryptocat strophe.js before 2.0.22 has information disclosure |
| Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure |
| Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness |
| Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview |
| Cryptocat before 2.0.22 has Nickname User Impersonation |
| Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |
| Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. |
| SaltStack RSA Key Generation allows remote users to decrypt communications |
| GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. |
| Monkey HTTP Daemon has local security bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| Monkey HTTP Daemon: broken user name authentication |
| The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. |
| WordPress plugin wp-cleanfix has Remote Code Execution |