| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |
| Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. |
| SaltStack RSA Key Generation allows remote users to decrypt communications |
| GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. |
| Monkey HTTP Daemon has local security bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| Monkey HTTP Daemon: broken user name authentication |
| The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. |
| WordPress plugin wp-cleanfix has Remote Code Execution |
| WordPress WP Cleanfix Plugin 2.4.4 has CSRF |
| webauth before 4.6.1 has authentication credential disclosure |
| OpenShift cartridge allows remote URL retrieval |
| Katello has multiple XSS issues in various entities |
| ZPanel through 10.1.0 has Remote Command Execution |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. |
