5 matches found
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVE-2016-1000229
swagger-ui has XSS in key names
CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.