| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. |
| Dump Servlet information leak in jetty before 6.1.22. |
| burn allows file names to escape via mishandled quotation marks |
| python-docutils allows insecure usage of temporary files |
| overkill has buffer overflow via long player names that can corrupt data on the server machine |
| A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . |
| pixelpost 1.7.1 has XSS |
| pixelpost 1.7.1 has SQL injection |
| The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. |
| Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. |
| dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. |
| ytnef has directory traversal |
| python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. |
| asterisk allows calls on prohibited networks |
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. |
