| Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-5280 | 3.5 |
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
|
16-06-2022 - 16:18 | 08-01-2018 - 09:29 | |
| CVE-2017-18022 | 4.3 |
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
|
03-10-2019 - 00:03 | 05-01-2018 - 19:29 | |
| CVE-2017-15397 | 5.8 |
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
|
03-10-2019 - 00:03 | 07-02-2018 - 23:29 | |
| CVE-2018-5248 | 6.8 |
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
|
12-03-2019 - 15:35 | 05-01-2018 - 19:29 | |
| CVE-2018-5244 | 4.9 |
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of servic
|
31-10-2018 - 10:32 | 05-01-2018 - 18:29 | |
| CVE-2017-1666 | 5.5 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
|
31-01-2018 - 16:12 | 09-01-2018 - 20:29 | |
| CVE-2017-1668 | 5.8 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerabil
|
31-01-2018 - 16:12 | 09-01-2018 - 20:29 | |
| CVE-2017-1673 | 4.3 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis
|
16-01-2018 - 17:36 | 04-01-2018 - 17:29 | |
| CVE-2017-1727 | 4.0 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
|
12-01-2018 - 20:14 | 04-01-2018 - 17:29 | |
| CVE-2004-0235 | 6.4 |
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
| CVE-2004-0234 | 10.0 |
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
| CVE-2005-0643 | 7.5 |
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.
|
10-09-2008 - 19:36 | 02-05-2005 - 04:00 | |
| CVE-2005-0644 | 7.5 |
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.
|
05-09-2008 - 20:46 | 02-05-2005 - 04:00 |