Filtered by CWE-20
Total 12594 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-0342 1 Pyrad Project 1 Pyrad 2024-11-21 4.3 Medium
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.
CVE-2013-0267 1 Apache 1 Vcl 2024-11-21 N/A
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
CVE-2013-0243 1 Haskell 1 Hs-tls 2024-11-21 7.4 High
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
CVE-2013-0180 1 Redislabs 1 Redis 2024-11-21 5.5 Medium
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
CVE-2013-0178 1 Redislabs 1 Redis 2024-11-21 5.5 Medium
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
CVE-2013-0165 1 Redhat 1 Openshift 2024-11-21 7.3 High
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2012-6135 2 Phusion, Redhat 2 Passenger, Openshift 2024-11-21 7.5 High
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2012-6125 1 Call-cc 1 Chicken 2024-11-21 9.8 Critical
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
CVE-2012-6123 2 Call-cc, Debian 2 Chicken, Debian Linux 2024-11-21 6.5 Medium
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
CVE-2012-6111 2 Debian, Gnome 2 Debian Linux, Gnome Keyring 2024-11-21 7.5 High
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVE-2012-6070 1 Falconpl 1 Falconpl 2024-11-21 7.5 High
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
CVE-2012-5699 1 Babygekko 1 Babygekko 2024-11-21 9.8 Critical
BabyGekko before 1.2.4 allows PHP file inclusion.
CVE-2012-5582 1 Opendnssec 1 Opendnssec 2024-11-21 9.8 Critical
opendnssec misuses libcurl API
CVE-2012-5360 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
CVE-2012-5359 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
CVE-2012-4603 2 Citrix, Microsoft 3 Receiver, Xenapp Online, Windows 2024-11-21 7.8 High
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.
CVE-2012-4576 2 Debian, Freebsd 2 Debian Linux, Freebsd 2024-11-21 7.8 High
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
CVE-2012-4524 2 Fedoraproject, Sillycycle 2 Fedora, Xlockmore 2024-11-21 7.5 High
xlockmore before 5.43 'dclock' security bypass vulnerability
CVE-2012-4438 1 Jenkins 1 Jenkins 2024-11-21 8.8 High
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
CVE-2012-4030 1 Chamilo 1 Chamilo Lms 2024-11-21 7.5 High
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.