Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-08 | CVE-2013-1889 | Improper Input Validation vulnerability in MOD Ruid2 Project MOD Ruid2: mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | 7.5 |
2019-11-08 | CVE-2019-10222 | Improper Handling of Exceptional Conditions vulnerability in multiple products: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. | 7.5 |
2019-11-08 | CVE-2008-7272 | Cleartext Storage of Sensitive Information vulnerability in Getfiregpg Firegpg: FireGPG before 0.6 handles user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a user's private key. | 7.5 |
2019-11-07 | CVE-2013-1809 | Link Following vulnerability in multiple products: Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | 7.5 |
2019-11-07 | CVE-2013-1771 | Information Exposure Through Log Files vulnerability in Monkey-Project Monkey: The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on Gentoo. | 7.5 |
2019-11-07 | CVE-2008-3278 | Insecure Default Initialization of Resource vulnerability in Redhat Frysk 20080805: frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. | 7.8 |
2019-11-07 | CVE-2007-5743 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 |
2019-11-07 | CVE-2010-2450 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products: The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. | 7.5 |
2019-11-07 | CVE-2019-3465 | Improper Verification of Cryptographic Signature vulnerability in multiple products: Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | 8.8 |
2019-11-07 | CVE-2012-0051 | Improper Input Validation vulnerability in multiple products: Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | 7.4 |