| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. |
| In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. |
| Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. |
| openstack-utils openstack-db has insecure password creation |
| The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. |
| The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities |
| The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. |
| IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. |
| Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. |
| Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. |
| A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image. |
