Lucene search

K

1190 matches found

CVE
CVE
added 2019/04/28 4:29 p.m.47 views

CVE-2019-11579

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

5.3CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2019/11/12 9:15 p.m.46 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

6.5CVSS6.4AI score0.00224EPSS
CVE
CVE
added 2019/11/20 4:15 p.m.46 views

CVE-2011-0529

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

7.5CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.46 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

9.8CVSS9.7AI score0.00517EPSS
CVE
CVE
added 2019/10/31 7:15 p.m.46 views

CVE-2013-1910

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

9.8CVSS9.2AI score0.00849EPSS
CVE
CVE
added 2019/12/03 2:15 p.m.46 views

CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

7.5CVSS7.5AI score0.00397EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.45 views

CVE-2013-1811

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

4.3CVSS4.8AI score0.00325EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.45 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HT...

6.1CVSS6.1AI score0.00728EPSS
CVE
CVE
added 2019/05/05 6:29 a.m.45 views

CVE-2019-11766

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.8CVSS9.5AI score0.00777EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.44 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

5.9CVSS5.7AI score0.00231EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.44 views

CVE-2012-2350

pam_shield before 0.9.4: Default configuration does not perform protective action

7.5CVSS7.5AI score0.00425EPSS
CVE
CVE
added 2019/11/08 12:15 a.m.43 views

CVE-2008-7291

gri before 2.12.18 generates temporary files in an insecure way.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.43 views

CVE-2010-3359

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.

4.8CVSS5AI score0.00127EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.42 views

CVE-2007-5743

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

7.5CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.42 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks

9.8CVSS9.3AI score0.00432EPSS
CVE
CVE
added 2019/12/20 3:15 p.m.42 views

CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2019/12/05 5:15 p.m.42 views

CVE-2013-0326

OpenStack nova base images permissions are world readable

5.5CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.42 views

CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

6.3CVSS6.2AI score0.00786EPSS
CVE
CVE
added 2019/12/04 10:15 p.m.42 views

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

9.8CVSS9.7AI score0.00387EPSS
CVE
CVE
added 2019/11/06 3:15 a.m.41 views

CVE-2006-4245

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

8.1CVSS7.9AI score0.00335EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.41 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.41 views

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

9.3CVSS7.9AI score0.0244EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.40 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...

7.5CVSS7.4AI score0.00163EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.40 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS
CVE
CVE
added 2019/11/12 3:15 p.m.40 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2019/11/13 4:15 p.m.40 views

CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

6.1CVSS5.9AI score0.0045EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.39 views

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

6.3CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2019/11/27 7:15 p.m.39 views

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

5.3CVSS5.3AI score0.01445EPSS
CVE
CVE
added 2019/10/29 7:15 p.m.38 views

CVE-2010-3373

paxtest handles temporary files insecurely

5.5CVSS5.5AI score0.00141EPSS
CVE
CVE
added 2019/11/13 7:15 p.m.38 views

CVE-2010-4533

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

9.8CVSS9.4AI score0.00276EPSS
CVE
CVE
added 2019/11/13 11:15 p.m.38 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

7.5CVSS7.4AI score0.00311EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.37 views

CVE-2012-0051

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

7.4CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2019/11/25 6:15 p.m.37 views

CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

9CVSS8.6AI score0.01199EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.37 views

CVE-2013-1425

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

5.5CVSS5.5AI score0.00097EPSS
CVE
CVE
added 2019/11/13 10:15 p.m.36 views

CVE-2010-4817

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

5.5CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.36 views

CVE-2011-1070

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

7.8CVSS7.5AI score0.00132EPSS
CVE
CVE
added 2019/11/15 3:15 p.m.36 views

CVE-2013-4584

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

5.9CVSS5.7AI score0.00579EPSS
CVE
CVE
added 2019/10/29 7:15 p.m.34 views

CVE-2011-4931

gpw generates shorter passwords than required

7.5CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2019/11/13 5:15 p.m.34 views

CVE-2012-4385

letodms 3.3.6 has CSRF via change password

6.5CVSS6.6AI score0.00226EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.33 views

CVE-2013-1809

Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

7.5CVSS7.5AI score0.01701EPSS
Total number of security vulnerabilities1190