CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load

CVE-2019-14380

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.

CVE-2013-6364

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVE-2014-1936

rc before 1.7.1-5 insecurely creates temporary files.

CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

CVE-2018-20761

GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

CVE-2010-2490

Mumble: murmur-server has DoS due to malformed client query

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

CVE-2012-2237

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Dis...

CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

CVE-2018-21016

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVE-2019-13223

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

CVE-2019-14443

An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVE-2011-0544

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

CVE-2007-0899

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

CVE-2012-0842

surf: cookie jar has read access from other local user

CVE-2012-3543

mono 2.10.x ASP.NET Web Form Hash collision DoS

CVE-2012-6071

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CVE-2014-0175

mcollective has a default password set at install

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

CVE-2018-10242

Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.

CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

CVE-2013-7371

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

CVE-2014-1935

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

CVE-2019-11222

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

CVE-2019-13217

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

CVE-2019-13218

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

CVE-2011-2187

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

CVE-2019-11221

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

CVE-2012-1572

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

CVE-2015-5694

Designate does not enforce the DNS protocol limit concerning record set sizes

CVE-2007-6745

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

CVE-2012-5644

libuser has information disclosure when moving user's home directory

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits