| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. |
| Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. |
| Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. |
| Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. |
| kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure |
| kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS |
| Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. |
| Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations |
| Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. |
| Linux foundation ONOS 1.9.0 is vulnerable to a DoS. |
| Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
| Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. |
| The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. |
| Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. |
| Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
