Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-14241 | 5.0 |
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
|
24-08-2020 - 17:37 | 23-07-2019 - 13:15 | |
CVE-2016-4923 | 4.3 |
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform
|
09-10-2019 - 23:18 | 13-10-2017 - 17:29 | |
CVE-2016-6443 | 6.5 |
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can c
|
01-08-2019 - 12:14 | 27-10-2016 - 21:59 | |
CVE-2006-4057 | 7.5 |
Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
|
17-10-2018 - 21:33 | 10-08-2006 - 00:04 | |
CVE-2008-2510 | 7.5 |
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
|
11-10-2018 - 20:41 | 29-05-2008 - 23:32 | |
CVE-2016-5188 | 4.3 |
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5181 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (U
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5193 | 4.3 |
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5185 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5182 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5191 | 4.3 |
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5189 | 4.3 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5184 | 6.8 |
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5192 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5190 | 6.8 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5187 | 4.3 |
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5186 | 6.8 |
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5183 | 6.8 |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2011-2903 | 6.8 |
Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other appl
|
29-08-2017 - 01:29 | 02-09-2011 - 16:55 | |
CVE-2016-6440 | 4.3 |
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 1
|
29-07-2017 - 01:34 | 27-10-2016 - 21:59 | |
CVE-2016-6437 | 7.1 |
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see
|
29-07-2017 - 01:34 | 27-10-2016 - 21:59 | |
CVE-2016-9746 | 3.5 |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit
|
26-07-2017 - 01:29 | 05-07-2017 - 17:29 | |
CVE-2016-9701 | 3.5 |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a
|
26-07-2017 - 01:29 | 05-07-2017 - 17:29 | |
CVE-2016-9733 | 3.5 |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit
|
26-07-2017 - 01:29 | 05-07-2017 - 17:29 | |
CVE-2017-1113 | 3.5 |
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl
|
26-07-2017 - 01:29 | 05-07-2017 - 17:29 | |
CVE-2004-0074 | 4.6 |
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
|
11-07-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2016-5939 | 6.5 |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
08-06-2017 - 17:39 | 01-02-2017 - 20:59 | |
CVE-2016-5952 | 6.5 |
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
|
08-02-2017 - 18:52 | 01-02-2017 - 20:59 |