| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. |
| A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. |
| A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. |
| A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability. |
| The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. |
| web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. |
| Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset. |
| Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. |
| The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. |
| Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. |
| IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. |
