BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default.

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.

The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.

Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with “SecurityLevel None” and with empty “AuthFile” options) via a crafted UDP packet.