| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie. |
| Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. |
| PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. |
| Cryptocat strophe.js before 2.0.22 has information disclosure |
| Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure |
| Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness |
| SaltStack RSA Key Generation allows remote users to decrypt communications |
| GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| Monkey HTTP Daemon has local security bypass |
| The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. |
| WordPress plugin wp-cleanfix has Remote Code Execution |
| webauth before 4.6.1 has authentication credential disclosure |
| OpenShift cartridge allows remote URL retrieval |
| ZPanel through 10.1.0 has Remote Command Execution |
| Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. |
| OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. |
| autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. |
| WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution |
