IDCVSSSummaryLast (major) updatePublished
CVE-2014-3753 4.3
AgileBits 1Password through 1.0.9.340 allows security feature bypass
21-01-2020 - 19:55 09-01-2020 - 14:15
CVE-2008-6895 7.8
3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT.
17-08-2017 - 01:29 03-08-2009 - 18:30
CVE-2008-6896 5.0
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path.
17-08-2017 - 01:29 03-08-2009 - 18:30
CVE-2012-5812 5.8
The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbit
29-08-2017 - 01:32 04-11-2012 - 22:55
CVE-2013-3643 4.3
The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
17-06-2013 - 04:00 17-06-2013 - 03:29
CVE-2012-6335 3.3
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
31-12-2012 - 15:14 31-12-2012 - 11:50
CVE-2012-5811 5.8
The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an
04-11-2015 - 17:34 04-11-2012 - 22:55
CVE-2013-4304 7.5
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote att
29-08-2017 - 01:33 26-01-2014 - 20:55
CVE-2020-26085 9.0
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive
11-01-2021 - 16:17 07-01-2021 - 00:15
CVE-2013-1228 4.3
Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.
05-03-2014 - 19:00 06-09-2013 - 11:15
CVE-2013-3393 5.0
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60
31-08-2013 - 06:39 26-06-2013 - 19:55
CVE-2019-1855 9.3
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have va
04-01-2021 - 15:22 04-07-2019 - 20:15
CVE-2013-1161 6.3
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CS
26-03-2013 - 16:09 26-03-2013 - 03:42
CVE-2015-0620 4.0
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.
08-09-2017 - 01:29 18-02-2015 - 02:59
CVE-2013-1229 5.0
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028.
01-05-2013 - 12:00 01-05-2013 - 12:00
CVE-2020-3185 3.5
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The
05-03-2020 - 19:33 04-03-2020 - 19:15
CVE-2014-3923 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_roug
25-06-2014 - 17:59 30-05-2014 - 14:55
CVE-2012-5813 5.8
The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers vi
29-08-2017 - 01:32 04-11-2012 - 22:55
CVE-2009-1782 6.8
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Viru
17-08-2017 - 01:30 22-05-2009 - 20:30
CVE-2012-6646 2.1
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.
11-05-2020 - 17:38 18-04-2014 - 14:55
CVE-2019-11644 6.8
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, a
24-08-2020 - 17:37 17-05-2019 - 21:29
CVE-2014-5200 7.5
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
08-09-2017 - 01:29 12-08-2014 - 20:55
CVE-2019-13163 4.3
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and othe
27-02-2020 - 16:10 07-02-2020 - 23:15
CVE-2014-5529 5.4
The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
09-09-2014 - 15:04 09-09-2014 - 01:55
CVE-2012-5120 7.5
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-boun
29-08-2017 - 01:32 07-11-2012 - 11:43
CVE-2012-5809 5.8
The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL s
04-11-2015 - 17:33 04-11-2012 - 22:55
CVE-2014-3042 4.0
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 dat
29-08-2017 - 01:34 10-06-2014 - 11:19
CVE-2013-6717 4.0
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service
25-09-2018 - 10:29 19-12-2013 - 22:55
CVE-2013-5466 4.0
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
25-09-2018 - 10:29 18-12-2013 - 16:04
CVE-2012-5955 10.0
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
29-08-2017 - 01:32 20-12-2012 - 12:02
CVE-2015-5041 6.4
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
19-06-2019 - 16:16 06-06-2016 - 17:59
CVE-2006-7198 10.0
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.
30-10-2018 - 16:25 30-04-2007 - 22:19
CVE-2008-0741 10.0
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.
08-03-2011 - 03:05 13-02-2008 - 01:00
CVE-2009-0504 2.1
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
08-08-2017 - 01:33 17-02-2009 - 17:30
CVE-2013-0542 4.3
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web scri
29-08-2017 - 01:33 24-04-2013 - 10:28
CVE-2010-0768 4.3
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the U
17-08-2017 - 01:32 01-04-2010 - 19:30
CVE-2010-0769 1.9
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by readin
17-08-2017 - 01:32 01-04-2010 - 19:30
CVE-2007-1608 7.5
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid mu
29-07-2017 - 01:30 22-03-2007 - 23:19
CVE-2008-0740 2.1
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading thi
08-03-2011 - 03:05 13-02-2008 - 01:00
CVE-2008-0389 10.0
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
08-08-2017 - 01:29 23-01-2008 - 02:00
CVE-2010-0770 4.0
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.
17-08-2017 - 01:32 01-04-2010 - 19:30
CVE-2008-2550 5.0
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.
08-08-2017 - 01:31 04-06-2008 - 20:32
CVE-2010-2325 4.3
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "U
24-06-2010 - 04:00 18-06-2010 - 18:30
CVE-2009-1901 10.0
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
17-08-2017 - 01:30 03-06-2009 - 17:00
CVE-2007-3262 7.8
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPA
29-07-2017 - 01:32 19-06-2007 - 18:30
CVE-2007-3265 4.3
Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-07-2017 - 01:32 19-06-2007 - 18:30
CVE-2006-4223 5.0
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabl
07-03-2011 - 05:00 18-08-2006 - 20:04
CVE-2007-3960 9.3
Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).
08-03-2011 - 02:57 24-07-2007 - 18:30
CVE-2009-1899 10.0
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authent
17-08-2017 - 01:30 03-06-2009 - 17:00
CVE-2011-1309 7.5
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
07-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2011-1315 5.0
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS
07-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2011-1311 6.0
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.x
07-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2010-3271 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administ
10-10-2018 - 20:01 18-07-2011 - 22:55
CVE-2011-1316 5.0
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending
07-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2011-1314 5.0
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.
07-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2011-1307 2.1
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability
21-04-2011 - 04:00 08-03-2011 - 21:59
CVE-2011-1318 5.0
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a
30-03-2011 - 04:00 08-03-2011 - 21:59
CVE-2007-1945 7.5
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
29-07-2017 - 01:31 11-04-2007 - 01:19
CVE-2009-1900 5.0
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive informati
17-08-2017 - 01:30 03-06-2009 - 17:00
CVE-2010-2324 7.5
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.
24-06-2010 - 04:00 18-06-2010 - 18:30
CVE-2007-1944 5.0
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerabil
07-03-2011 - 05:00 11-04-2007 - 01:19
CVE-2010-2323 5.0
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.
24-06-2010 - 21:05 18-06-2010 - 18:30
CVE-2007-3264 10.0
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
29-07-2017 - 01:32 19-06-2007 - 18:30
CVE-2006-4222 5.0
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" is
08-03-2011 - 02:40 18-08-2006 - 20:04
CVE-2001-0962 7.5
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
10-10-2017 - 01:29 19-09-2001 - 04:00
CVE-2011-1308 4.3
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via uns
17-08-2017 - 01:34 08-03-2011 - 21:59
CVE-2009-1898 5.0
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the co
17-08-2017 - 01:30 03-06-2009 - 17:00
CVE-2012-2162 6.8
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the networ
29-08-2017 - 01:31 01-05-2012 - 19:55
CVE-2007-3263 10.0
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
29-07-2017 - 01:32 19-06-2007 - 18:30
CVE-2006-4136 7.5
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
08-03-2011 - 02:40 14-08-2006 - 23:04
CVE-2006-5324 7.5
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374.
08-03-2011 - 02:42 17-10-2006 - 17:07
CVE-2006-5323 10.0
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
08-03-2011 - 02:42 17-10-2006 - 17:07
CVE-2007-4833 5.0
Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.
29-07-2017 - 01:33 12-09-2007 - 19:17
CVE-2008-4283 10.0
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecif
08-08-2017 - 01:32 10-02-2009 - 22:30
CVE-2008-5412 10.0
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
08-08-2017 - 01:33 10-12-2008 - 00:30
CVE-2007-5799 4.3
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI us
29-07-2017 - 01:33 03-11-2007 - 00:46
CVE-2007-6679 10.0
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2
07-04-2011 - 04:00 10-01-2008 - 02:46
CVE-2008-5413 5.0
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of
23-08-2011 - 04:00 10-12-2008 - 00:30
CVE-2008-5411 5.0
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Vendor has released a Fixpack: http://www-01.ibm.co
08-08-2017 - 01:33 10-12-2008 - 00:30
CVE-2007-5798 4.3
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via th
29-07-2017 - 01:33 03-11-2007 - 00:46
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
24-03-2020 - 18:19 08-07-2008 - 23:41
CVE-2012-5810 5.8
The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL
23-03-2016 - 00:49 04-11-2012 - 22:55
CVE-2020-0905 6.0
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
17-03-2020 - 15:14 12-03-2020 - 16:15
CVE-2001-0509 5.0
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
02-04-2020 - 12:56 20-09-2001 - 04:00
CVE-2004-0574 10.0
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
09-04-2020 - 13:50 03-11-2004 - 05:00
CVE-2004-0978 10.0
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData
09-12-2020 - 18:35 09-02-2005 - 05:00
CVE-2012-4969 9.3
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
21-11-2017 - 18:13 18-09-2012 - 10:39
CVE-2020-2773 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthen
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2755 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticate
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2767 5.8
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2781 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticate
09-09-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2805 5.1
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthe
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2020-2757 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows una
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2756 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows una
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2830 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthe
09-09-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2803 5.1
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthe
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2020-2816 5.0
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Ja
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2754 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticate
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2778 4.3
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2800 5.8
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2014-4542 4.3
Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
11-07-2014 - 17:33 02-07-2014 - 18:55
CVE-2020-8023 7.2
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sa
11-09-2020 - 17:50 01-09-2020 - 12:15
CVE-2014-5525 5.4
The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
09-09-2014 - 14:55 09-09-2014 - 01:55
CVE-2020-7358 4.4
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing betwe
28-09-2020 - 18:36 18-09-2020 - 15:15
CVE-2020-7358 4.4
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing betwe
28-09-2020 - 18:36 18-09-2020 - 15:15
CVE-2019-14678 7.5
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of
22-11-2019 - 19:34 14-11-2019 - 21:15
CVE-2014-3921 4.3
Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.
24-06-2014 - 17:21 30-05-2014 - 14:55
CVE-2019-6025 5.8
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Adv
10-01-2020 - 18:56 26-12-2019 - 16:15
CVE-2020-5575 4.3
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Mo
15-05-2020 - 17:39 14-05-2020 - 02:15
CVE-2020-5576 6.8
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) an
15-05-2020 - 17:33 14-05-2020 - 02:15
CVE-2020-5577 6.5
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.
15-05-2020 - 17:30 14-05-2020 - 02:15
CVE-2020-5528 4.3
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advan
07-02-2020 - 19:41 06-02-2020 - 10:15
CVE-2020-5574 5.0
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and e
15-05-2020 - 17:29 14-05-2020 - 02:15
CVE-2013-5676 4.0
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
16-12-2013 - 17:16 13-12-2013 - 18:55
CVE-2012-5456 4.3
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arb
29-08-2017 - 01:32 24-10-2012 - 17:55
CVE-2017-2750 7.5
Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 240
21-02-2018 - 15:57 23-01-2018 - 16:29
CVE-2019-0162 2.1
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
24-08-2020 - 17:37 17-04-2019 - 18:29
CVE-2013-5933 6.9
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by wri
25-09-2013 - 22:53 25-09-2013 - 10:31
CVE-2013-4777 6.9
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalS
07-12-2016 - 21:18 25-09-2013 - 10:31
CVE-2020-3681 7.5
Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code.
10-08-2020 - 18:40 31-07-2020 - 05:15
CVE-2017-13092 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13093 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The me
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13091 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a de
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13095 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods ar
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13096 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The method
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13097 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The m
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2017-13094 4.6
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in an
09-10-2019 - 23:23 13-07-2018 - 20:29
CVE-2020-16891 7.2
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
23-10-2020 - 12:55 16-10-2020 - 23:15
CVE-2006-2373 10.0
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEIT
26-03-2019 - 19:17 13-06-2006 - 19:06
Back to Top Mark selected
Back to Top