| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. |
| Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. |
| xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. |
| WebApp JSP Snoop page XSS in jetty through 6.1.21. |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. |
| Dump Servlet information leak in jetty before 6.1.22. |
| burn allows file names to escape via mishandled quotation marks. |
| python-docutils allows insecure usage of temporary files. |
| asterisk allows calls on prohibited networks. |
| liboping 1.3.2 allows users to read arbitrary files on the local system. |
| gri before 2.12.18 generates temporary files in an insecure way. |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. |
| There is a possible heap overflow in libclamav/fsg.c before 0.100.0. |
| archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. |