CVE-2020-7226

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

Source: CVE-2020-7226

CVE-2013-4333

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability

Source: CVE-2013-4333

CVE-2012-6302

Soapbox through 0.3.1: Sandbox bypass – runs a second instance of Soapbox within a sandboxed Soapbox.

Source: CVE-2012-6302

CVE-2012-6451

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability

Source: CVE-2012-6451

CVE-2013-3960

Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass

Source: CVE-2013-3960

CVE-2019-19632

An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.

Source: CVE-2019-19632

CVE-2019-3700

yast2-security didn’t use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes.

Source: CVE-2019-3700

CVE-2019-3699

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.

Source: CVE-2019-3699

CVE-2019-3697

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root.
This issue affects:
openSUSE Leap 15.1
gnump3d version 3.0-lp151.2.1 and prior versions.

Source: CVE-2019-3697

CVE-2019-3694

A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.

Source: CVE-2019-3694