Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2009-3546 | 9.3 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over- | 13-02-2023 - 02:20 | 19-10-2009 - 20:00
CVE-2014-0114 | 7.5 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m | 13-02-2023 - 00:32 | 30-04-2014 - 10:49
CVE-2014-0364 | 5.0 | The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute. | 23-02-2021 - 16:13 | 30-04-2014 - 10:49
CVE-2014-1523 | 4.3 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and applicat | 07-08-2020 - 18:53 | 30-04-2014 - 10:49
CVE-2014-1518 | 9.3 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and app | 07-08-2020 - 18:52 | 30-04-2014 - 10:49
CVE-2003-0060 | 7.5 | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerbe | 21-01-2020 - 15:44 | 19-02-2003 - 05:00
CVE-2017-2580 | 6.8 | An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. | 24-06-2019 - 15:15 | 27-07-2018 - 18:29
CVE-2012-5580 | 7.5 | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, | 29-08-2017 - 01:32 | 27-10-2014 - 22:55
CVE-2007-6360 | 7.8 | Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) t | 08-08-2017 - 01:29 | 15-12-2007 - 01:46
CVE-2006-0843 | 5.0 | Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | 20-07-2017 - 01:30 | 22-02-2006 - 02:02
CVE-2014-2558 | 6.5 | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the cr | 07-05-2014 - 13:23 | 06-05-2014 - 14:55