Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. | |||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2019-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2019-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2019-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | |||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | |||||
| CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| letodms 3.3.6 has CSRF via change password | |||||
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | |||||
| CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2019-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | |||||
| CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | |||||
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2019-11-14 | 3.3 LOW | 5.5 MEDIUM |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | |||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
| CVE-2005-2351 | 2 Debian, Mutt | 2 Debian Linux, Mutt | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | |||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2018-1308 | 2 Apache, Debian | 2 Solr, Debian Linux | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2019-11-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||