| CVE | Vendors | Products | Updated | CVSS v3.1 |
| ZF2014-03 has a potential cross site scripting vector in multiple view helpers |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. |
| Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. |
| duplicity 0.6.24 has improper verification of SSL certificates |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities |
| X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. |
| rc before 1.7.1-5 insecurely creates temporary files. |
| 9base 1:6-6 and 1:6-7 insecurely create temporary files, which results in predictable filenames. |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. |
| mcollective has a default password set at install |
| The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol |
| node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| ClamAV before 0.97.7 has buffer overflow in the libclamav component |
| ClamAV before 0.97.7 has WWPack corrupt heap memory |