| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |
| MediaWiki allows deleted text to be exposed. |
| Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. |
| Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. |
| In the Linux kernel before 3.1, an off-by-one error in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| The configure script in Pacemaker before 1.1.6 creates temporary files insecurely. |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| Snare for Linux before 1.7.0 has CSRF in the web interface. |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack. |