| Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2002-1873 | 5.0 |
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
|
09-04-2020 - 13:47 | 31-12-2002 - 05:00 | |
| CVE-2018-15370 | 4.6 |
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected devic
|
09-10-2019 - 23:35 | 05-10-2018 - 14:29 | |
| CVE-2007-4541 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.
|
15-10-2018 - 21:36 | 27-08-2007 - 21:17 | |
| CVE-2005-3779 | 7.2 |
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
|
11-10-2017 - 01:30 | 23-11-2005 - 01:03 | |
| CVE-2012-3496 | 4.7 |
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as
|
29-08-2017 - 01:31 | 23-11-2012 - 20:55 | |
| CVE-2012-1106 | 1.9 |
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local
|
29-08-2017 - 01:31 | 03-07-2012 - 16:40 | |
| CVE-2009-2061 | 9.3 |
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2063 | 6.8 |
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2062 | 6.8 |
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 3
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2016-10126 | 10.0 |
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST
|
18-01-2017 - 02:59 | 10-01-2017 - 11:59 | |
| CVE-2015-5511 | 5.0 |
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.
|
28-11-2016 - 19:33 | 18-08-2015 - 18:00 |