| CVE | Vendors | Products | Updated | CVSS v3.1 |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. |
| Unspecified vulnerability in statusnet through 2010 due to the way addslashes is used in SQL string escapes. |
| Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents. |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. |
| PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output. |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. |
| offlineimap before 6.3.2 does not validate the SSL server certificate when the "ssl = yes" option is specified, which can allow man-in-the-middle attacks. |
| vanilla forums before 2.0.10 has a potential linkbait vulnerability in the dispatcher. |
| vanilla forums before 2.0.10 has a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. |
| pootle 2.0.5 has XSS via the 'match_names' parameter. |
| Tiki Wiki CMS Groupware 5.2 has CSRF. |
| Tiki Wiki CMS Groupware 5.2 has XSS. |
| Tiki Wiki CMS Groupware 5.2 has Local File Inclusion. |
| Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launching the mysql text console. |
| mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. |
| JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter. |