| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. |
| Review Board: URL processing gives unauthorized users access to review lists |
| ReviewBoard: has an access-control problem in REST API |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. |
| shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. |
| smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. |
| MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. |
| packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. |
| The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. |
