| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| eDeploy has RCE via cPickle deserialization of untrusted data |
| CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration |
| backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. |
| python-rply before 0.7.4 insecurely creates temporary files. |
| Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. |
| signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. |
| On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. |
| A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644. |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable |
| The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script |
| LastPass prior to 2.5.1 has an insecure PIN implementation. |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. |
| RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. |
