| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
| A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. |
| A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. |
| Joomla! before 2.5.3 allows Admin Account Creation. |
| Joomla! core before 2.5.3 allows unauthorized password change. |
| Local file inclusion in WebCalendar before 1.2.5. |
| Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks |
| Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. |
| Moodle before 2.2.2 has users' private files included in course backups |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to |
| mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. |
