Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted executable.
IBM MaaS360 DTM, all versions up to 3.81, does not properly verify user rights for certain applications, which could disclose sensitive information. IBM X-Force ID: 127412.
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in the /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose the internal IP address to remote attackers.
HAProxy statistics in openstack-tripleo-image-elements are exposed over the network without authentication.
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not implement privilege separation.
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.