| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. |
| ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. |
| OpenStack nova base images permissions are world readable |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. |
| Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. |
| libuser has information disclosure when moving user's home directory |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal |
| Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. |
