| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. |
| Mumble: murmur-server has DoS due to malformed client query |
| Drupal versions 5.x and 6.x has open redirection |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. |
| Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. |
| xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. |
| Dump Servlet information leak in jetty before 6.1.22. |
| burn allows file names to escape via mishandled quotation marks |
| python-docutils allows insecure usage of temporary files |
| overkill has buffer overflow via long player names that can corrupt data on the server machine |
| asterisk allows calls on prohibited networks |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. |
| gri before 2.12.18 generates temporary files in an insecure way. |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
