| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware |
| JBossWeb Bayeux has reflected XSS |
| Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits |
| Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents |
| The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. |
| Cache Poisoning issue exists in DNS Response Rate Limiting. |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. |
| php-symfony2-Validator has loss of information during serialization |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
| An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
| The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| CloudForms stores user passwords in recoverable format |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. |
| Insecure temporary file vulnerability in RedHat vsdm 4.9.6. |
