| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ipa 3.0 does not properly check server identity before sending credential containing cookies |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. |
| Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation |
| opendnssec misuses libcurl API |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. |
| The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. |
| rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite |
| Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym. |
| gnome-system-log polkit policy allows arbitrary files on the system to be read |
| Claws Mail vCalendar plugin: credentials exposed on interface |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) |
| Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. |
| The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. |
| NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request. |
