| CVE | Vendors | Products | Updated | CVSS v3.1 |
| W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes. |
| W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files. |
| Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. |
| BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error |
| BabyGekko before 1.2.4 allows PHP file inclusion. |
| opendnssec misuses libcurl API |
| The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. |
| gnome-system-log polkit policy allows arbitrary files on the system to be read |
| Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. |
| Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. |
| Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. |
| Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. |
| FreeBSD: Input Validation Flaw allows local users to gain elevated privileges |
| xlockmore before 5.43 'dclock' security bypass vulnerability |
| Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. |
| An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information. |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. |
| mono 2.10.x ASP.NET Web Form Hash collision DoS |
| cumin: At installation postgresql database user created without password |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation |