| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. |
| Local file inclusion in WebCalendar before 1.2.5. |
| Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks |
| Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough |
| Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to |
| Moodle before 2.2.2 has users' private files included in course backups |
| HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. |
| mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. |
| A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. |
| Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. |
| PyXML: Hash table collisions CPU usage Denial of Service |
| While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. |
| An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file |
