| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. |
| The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. |
| A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. |
| libuser has information disclosure when moving user's home directory |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation |
| gnome-system-log polkit policy allows arbitrary files on the system to be read |
| The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. |
| xlockmore before 5.43 'dclock' security bypass vulnerability |
| mom creates world-writable pid files in /var/run |
| Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. |
| openslp: SLPIntersectStringList()' Function has a DoS vulnerability |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
| A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. |
| Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough |
| Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. |
| Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php |
