Search

Found 1,349 results in 150ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-9644 low 2.1 FIX debian debianubuntu ubuntu linux-kernel 11y ago The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the…
CVE-2013-7421 low 2.1 FIX debian debianubuntu ubuntu linux-kernel 11y ago The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different…
CVE-2015-2047 low 2.6 debian debian typo3 11y ago The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authenti…
CVE-2015-1197 low 1.9 FIX debian debian gnu 11y ago cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
CVE-2015-0245 low 1.9 FIX debian debiansuse suse freedesktop 12y ago D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service …
CVE-2015-1345 low 2.1 FIX debian debiansuse suse gnu 12y ago The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
CVE-2015-1426 low 2.1 FIX debian debian puppetpuppetlabs 12y ago Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
CVE-2015-1563 low 2.1 FIX fedora fedoradebian debian 12y ago The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.
CVE-2015-1558 low 3.5 FIX debian debian digium 12y ago Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of …
CVE-2015-0236 low 3.5 FIX slesubuntu ubuntususe suse redhat 12y ago libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (…
CVE-2015-0427 low 3.2 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSV…
CVE-2015-0418 low 2.1 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v…
CVE-2015-0413 low 1.9 FIX ubuntu ubuntususe susedebian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
CVE-2015-0374 low 3.5 ubuntu ubuntususe susedebian debian oraclemariadb 12y ago Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security…
CVE-2013-6892 low 3.5 debian debian websvn 12y ago WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2014-6595 low 3.2 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…
CVE-2014-6591 low 2.6 FIX debian debian oracle 12y ago Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vuln…
CVE-2014-6590 low 3.2 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…
CVE-2014-6589 low 3.2 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…
CVE-2014-6588 low 3.2 FIX suse susedebian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…
CVE-2014-6585 low 2.6 FIX debian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6…
CVE-2014-6568 low 3.5 ubuntu ubuntususe susedebian debian oraclemariadb 12y ago Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
CVE-2015-0862 low 3.5 FIX debian debian pivotal_software 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via…
CVE-2014-9496 low 2.1 FIX ubuntu ubuntususe susedebian debian libsndfile_project 12y ago The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2014-9475 low 3.5 FIX debian debian mediawiki 12y ago Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbi…
CVE-2014-9585 low 2.1 FIX debian debianfedora fedorasuse suse 12y ago The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR …
CVE-2014-9584 low 2.1 FIX debian debiansuse suse rhel 12y ago The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows loca…
CVE-2014-9269 low 2.6 debian debian mantisbt 12y ago Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web s…
CVE-2014-9507 low 2.6 FIX debian debian mediawiki 12y ago MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content…
CVE-2011-3592 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script o…
CVE-2011-3591 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an imprope…
CVE-2014-9419 low 2.1 FIX debian debian linux-kernel 12y ago The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, …
CVE-2014-8136 low 2.1 FIX debian debiansuse suse rhel redhat 12y ago The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denia…
CVE-2014-8135 low 2.1 FIX debian debian redhat 12y ago The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereferen…
CVE-2014-7170 low 1.9 FIX debian debian puppet 12y ago Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
CVE-2014-8133 low 2.1 FIX linux-kerneldebian debian 12y ago arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easie…
CVE-2014-5354 low 3.5 FIX debian debian mit 12y ago plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NU…
CVE-2014-5353 low 3.5 FIX debian debianfedora fedora rhel mit 12y ago The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated us…
CVE-2014-8134 low 3.3 3.3 FIX debian debian linux-kernelsuse suse 12y ago The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to …
CVE-2014-8737 low 3.6 FIX debian debianubuntu ubuntufedora fedora gnu 12y ago Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcop…
CVE-2014-4703 low 3.1 EXPFIX debian debian nagios 12y ago lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca…
CVE-2014-4702 low 2.1 FIX debian debian nagios 12y ago The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4…
CVE-2014-4701 low 2.1 FIX debian debian nagios 12y ago The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4…
CVE-2013-6497 low 2.1 FIX debian debian clamav 12y ago clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
CVE-2014-8960 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users…
CVE-2014-8595 low 1.9 FIX suse susedebian debian 12y ago arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a craf…
CVE-2014-7828 low 3.5 FIX debian debian freeipa 12y ago FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, wh…
CVE-2014-7824 low 2.1 FIX debian debianubuntu ubuntu freedesktop 12y ago D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the…
CVE-2014-3209 low 2.1 FIX debian debian nlnetlabs 12y ago The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
CVE-2014-2667 low 3.3 FIX slesdebian debian python 12y ago Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file per…
CVE-2014-3645 low 2.1 FIX debian debian linux-kernel 12y ago arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS cr…
CVE-2014-3640 low 2.1 FIX debian debianubuntu ubuntu rhel qemu 12y ago The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a…
CVE-2014-8326 low 3.5 FIX suse susedebian debian phpmyadmin 12y ago phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
CVE-2014-3615 low 2.1 FIX slesdebian debiansuse suse qemuredhat 12y ago The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-8578 low 3.5 FIX debian debian openstack 12y ago Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject ar…
CVE-2014-3475 low 3.5 FIX debian debiansuse suse openstack 12y ago Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrator…
CVE-2014-3474 low 3.5 FIX debian debiansuse suse openstack 12y ago OpenStack Horizon Cross-site scripting (XSS) vulnerability
CVE-2014-0476 low 4.7 EXPFIX debian debianubuntu ubuntu chkrootkit 12y ago The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerabilit…
CVE-2014-3636 low 1.9 FIX debian debiansuse suse d-bus_projectfreedesktop 12y ago D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of…
CVE-2014-5026 low 3.5 FIX debian debiansuse suse cacti 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete …
CVE-2014-5025 low 3.5 FIX debian debiansuse suse cacti 12y ago Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter …
CVE-2014-6558 low 2.6 FIX debian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vector…
CVE-2014-6540 low 1.9 FIX debian debian oracle 12y ago Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vecto…
CVE-2014-6527 low 2.6 FIX debian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
CVE-2014-6502 low 2.6 FIX debian debian oracle 12y ago Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVE-2014-7206 low 3.6 FIX debian debian debian 12y ago The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
CVE-2014-3566 low 3.4 4.4 EXPFIX slesdebian debianfreebsd freebsd novellopensslibm 12y ago The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad…
CVE-2014-5351 low 2.1 FIX debian debian mit 12y ago The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r…
CVE-2014-5270 low 2.1 FIX debian debian gnupg 12y ago Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers …
CVE-2014-7231 low 2.1 FIX debian debian openstackredhat 12y ago OpenStack Oslo utility sensitive information exposure via log files
CVE-2014-7230 low 2.1 FIX debian debianubuntu ubuntu openstackredhat 12y ago The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro…
CVE-2014-7295 low 3.5 FIX debian debian mediawiki 12y ago The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripti…
CVE-2014-1875 low 3.6 FIX debian debian cspan 12y ago The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-3608 low 2.7 FIX debian debian openstack 12y ago The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into t…
CVE-2014-7217 low 3.5 FIX debian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting Vulnerability via ENUM value
CVE-2014-7156 low 3.3 FIX debian debian 12y ago The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allo…
CVE-2014-4330 low 2.1 FIX debian debian perldata_dumper_project 12y ago The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Referenc…
CVE-2012-6110 low 2.1 FIX debian debian bcron_project 12y ago bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessi…
CVE-2012-5619 low 2.1 FIX debian debian sleuthkit 12y ago The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide a…
CVE-2014-3639 low 2.1 FIX debian debiansuse suse d-bus_projectfreedesktop 12y ago The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and pre…
CVE-2014-3638 low 2.1 FIX debian debiansuse suse d-bus_projectfreedesktop 12y ago The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of metho…
CVE-2014-3637 low 2.1 FIX debian debiansuse suse freedesktop 12y ago D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bu…
CVE-2014-6060 low 3.3 FIX debian debian dhcpcd_project 12y ago The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) serve…
CVE-2014-5247 low 2.1 FIX debian debian spi-inc 12y ago The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, …
CVE-2014-0483 low 3.5 FIX suse susedebian debian djangoproject 12y ago The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship be…
CVE-2014-3594 low 3.5 FIX debian debiansuse suse openstack 12y ago OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
CVE-2014-5274 low 3.5 FIX suse susedebian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting vulnerability in crafted view name
CVE-2014-5273 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip…
CVE-2014-5240 low 2.1 FIX debian debian wordpress 12y ago Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script o…
CVE-2014-5177 low 1.2 FIX debian debiansuse suse rhel redhat 12y ago libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat…
CVE-2014-0179 low 1.9 FIX suse susedebian debian rhel redhat 12y ago libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction …
CVE-2014-5030 low 1.9 FIX debian debianubuntu ubuntu apple 12y ago CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
CVE-2014-5029 low 1.5 FIX debian debianubuntu ubuntu apple 12y ago The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerabilit…
CVE-2013-7393 low 2.4 FIX debian debian apache 12y ago The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
CVE-2013-4262 low 2.4 FIX debian debian apache 12y ago svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
CVE-2014-3537 low 1.2 FIX debian debianfedora fedoraubuntu ubuntu apple 12y ago The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
CVE-2014-4986 low 3.5 FIX debian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
CVE-2014-4955 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 all…
CVE-2014-4954 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrar…
CVE-2014-3533 low 2.1 FIX debian debiansuse suse freedesktop 12y ago dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message…