| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. |
| mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. |
| qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors |
| CFME: CSRF protection vulnerability via permissive check of the referrer header |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm |
| PotPlayer 1.5.40688: .avi File Memory Corruption |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
