| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-3704 | 7.2 |
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS
|
09-10-2019 - 23:49 | 07-02-2019 - 19:29 | |
| CVE-2009-3548 | 7.5 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
|
25-03-2019 - 11:31 | 12-11-2009 - 23:30 | |
| CVE-2006-1068 | 4.9 |
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for N
|
18-10-2018 - 16:30 | 07-03-2006 - 22:06 | |
| CVE-2006-1067 | 5.0 |
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT e
|
18-10-2018 - 16:30 | 07-03-2006 - 22:06 | |
| CVE-2007-6416 | 4.6 |
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
|
29-09-2017 - 01:29 | 17-12-2007 - 23:46 | |
| CVE-2014-6041 | 5.8 |
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser ap
|
08-09-2017 - 01:29 | 02-09-2014 - 10:55 | |
| CVE-2014-3095 | 3.5 |
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause
|
29-08-2017 - 01:34 | 04-09-2014 - 10:55 | |
| CVE-2017-5231 | 5.1 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to
|
21-03-2017 - 01:59 | 02-03-2017 - 20:59 | |
| CVE-2017-5228 | 5.1 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbit
|
21-03-2017 - 01:59 | 02-03-2017 - 20:59 | |
| CVE-2017-5229 | 5.1 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to
|
21-03-2017 - 01:59 | 02-03-2017 - 20:59 | |
| CVE-2003-0050 | 7.5 |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
|
18-10-2016 - 02:28 | 07-03-2003 - 05:00 |