CVE-2019-11455
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
Source: CVE-2019-11455
CVE-2019-11456
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
Source: CVE-2019-11456
CVE-2011-3145
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn’t also set the effective group id. So when it creates the new version, mtab.tmp, it’s created with the group id of the user running mount.ecryptfs_private.
Source: CVE-2011-3145
CVE-2011-1830
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
Source: CVE-2011-1830
CVE-2011-3151
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
Source: CVE-2011-3151
CVE-2011-3147
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Source: CVE-2011-3147
CVE-2014-1427
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
Source: CVE-2014-1427
CVE-2014-1426
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
Source: CVE-2014-1426
CVE-2015-1316
Juju Core’s Joyent provider before version 1.25.5 uploads the user’s private ssh key.
Source: CVE-2015-1316