| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. |
| Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext |
| Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |
| MediaWiki allows deleted text to be exposed |
| Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. |
| Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. |
| In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| Snare for Linux before 1.7.0 has CSRF in the web interface. |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. |